./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor330065773 <...> [pid 6713] close(3) = 0 [pid 6713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6710] <... openat resumed>) = 4 [pid 6714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6713] write(1, "executing program\n", 18 [pid 6710] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6713] <... write resumed>) = 18 [pid 6710] <... futex resumed>) = 1 [pid 6713] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6710] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6713] <... futex resumed>) = 0 [pid 6713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6714] <... openat resumed>) = 3 [pid 6713] <... mmap resumed>) = 0x7f701fcf4000 [pid 6709] <... futex resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 6714] write(3, "1000", 4 [pid 6709] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... write resumed>) = 4 [pid 6709] <... futex resumed>) = 1 [pid 6710] <... futex resumed>) = 0 [pid 6709] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] close(3) = 0 [pid 6713] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6710] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6713] <... mprotect resumed>) = 0 [pid 6710] <... openat resumed>) = 5 [pid 6714] write(1, "executing program\n", 18 [pid 6710] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6714] <... write resumed>) = 18 [pid 6714] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6710] <... futex resumed>) = 1 [pid 6709] <... futex resumed>) = 0 [pid 6709] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6714] <... futex resumed>) = 0 [pid 6709] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6710] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6710] <... write resumed>) = 1116 [pid 6713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6710] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6710] <... futex resumed>) = 1 [pid 6709] <... futex resumed>) = 0 [pid 6709] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6715 attached [pid 6710] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6710] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6713] <... clone3 resumed> => {parent_tid=[149]}, 88) = 149 [pid 6710] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6713] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6716 attached [pid 6714] <... mprotect resumed>) = 0 [pid 6709] <... futex resumed>) = 0 [pid 6715] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6714] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6709] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] set_robust_list(0x55557616a6a0, 24 [pid 6715] set_robust_list(0x7f701fd149a0, 24 [pid 6710] <... futex resumed>) = 0 [pid 6709] <... futex resumed>) = 1 [pid 6715] <... set_robust_list resumed>) = 0 [pid 6710] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6709] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6710] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6710] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] <... set_robust_list resumed>) = 0 [pid 6710] <... futex resumed>) = 1 [pid 6709] <... futex resumed>) = 0 [pid 6716] chdir("./71" [pid 6710] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6709] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6710] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6709] <... futex resumed>) = 0 [pid 6715] rt_sigprocmask(SIG_SETMASK, [], [pid 6710] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6716] <... chdir resumed>) = 0 [pid 6715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6712] <... write resumed>) = 2097152 executing program [pid 6715] memfd_create("syzkaller", 0 [pid 6716] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 149 [pid 6716] <... prctl resumed>) = 0 [pid 6716] setpgid(0, 0) = 0 [pid 6716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6716] write(3, "1000", 4) = 4 [pid 6712] munmap(0x7f7017800000, 138412032 [pid 6716] close(3 [pid 6712] <... munmap resumed>) = 0 [pid 6716] <... close resumed>) = 0 [pid 6714] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6716] write(1, "executing program\n", 18) = 18 [pid 6716] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6716] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6717 attached => {parent_tid=[150]}, 88) = 150 [pid 6717] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6716] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] <... rseq resumed>) = 0 [pid 6716] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6717] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6712] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6718 attached [pid 6717] memfd_create("syzkaller", 0 [pid 6715] <... memfd_create resumed>) = 3 [pid 6714] <... clone3 resumed> => {parent_tid=[157]}, 88) = 157 [pid 6715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6712] ioctl(4, LOOP_SET_FD, 3 [pid 6718] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6715] <... mmap resumed>) = 0x7f7017800000 [pid 6714] rt_sigprocmask(SIG_SETMASK, [], [pid 6717] <... memfd_create resumed>) = 3 [pid 6717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6718] <... rseq resumed>) = 0 [pid 6714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6718] set_robust_list(0x7f701fd149a0, 24 [pid 6714] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6718] <... set_robust_list resumed>) = 0 [pid 6714] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6712] <... ioctl resumed>) = 0 [ 404.793476][ T6712] loop3: detected capacity change from 0 to 4096 [pid 6718] memfd_create("syzkaller", 0) = 3 [pid 6712] close(3 [pid 6718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6712] <... close resumed>) = 0 [pid 6718] <... mmap resumed>) = 0x7f7017800000 [pid 6712] close(4) = 0 [pid 6712] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6712] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6717] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6718] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6715] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6712] <... mount resumed>) = 0 [pid 6712] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6712] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6712] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6712] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] <... write resumed>) = 2097152 [pid 6712] <... futex resumed>) = 0 [pid 6718] munmap(0x7f7017800000, 138412032 [pid 6712] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6718] <... munmap resumed>) = 0 [pid 6717] <... write resumed>) = 2097152 [pid 6712] <... openat resumed>) = 4 [pid 6718] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6712] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... openat resumed>) = 4 [pid 6712] <... futex resumed>) = 1 [pid 6718] ioctl(4, LOOP_SET_FD, 3 [pid 6712] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] munmap(0x7f7017800000, 138412032 [pid 6711] <... futex resumed>) = 1 [pid 6711] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] <... futex resumed>) = 0 [pid 6712] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6715] <... write resumed>) = 2097152 [pid 6712] <... openat resumed>) = 5 [pid 6717] <... munmap resumed>) = 0 [pid 6715] munmap(0x7f7017800000, 138412032 [pid 6718] <... ioctl resumed>) = 0 [pid 6712] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] close(3 [pid 6717] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6712] <... futex resumed>) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6718] <... close resumed>) = 0 [pid 6717] <... openat resumed>) = 4 [pid 6712] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6711] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] close(4 [pid 6717] ioctl(4, LOOP_SET_FD, 3 [pid 6712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6711] <... futex resumed>) = 0 [pid 6718] <... close resumed>) = 0 [pid 6712] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6711] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6715] <... munmap resumed>) = 0 [pid 6712] <... write resumed>) = 1116 [pid 6712] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... mkdir resumed>) = 0 [pid 6712] <... futex resumed>) = 1 [pid 6711] <... futex resumed>) = 0 [ 404.993935][ T6718] loop1: detected capacity change from 0 to 4096 [ 405.029789][ T6717] loop4: detected capacity change from 0 to 4096 [pid 6711] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6712] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6711] <... futex resumed>) = 0 [pid 6718] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6715] <... openat resumed>) = 4 [pid 6711] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... ioctl resumed>) = 0 [pid 6715] ioctl(4, LOOP_SET_FD, 3 [pid 6712] <... mmap resumed>) = 0x200000000000 [pid 6717] close(3) = 0 [pid 6717] close(4) = 0 [pid 6712] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6712] <... futex resumed>) = 1 [pid 6717] <... mkdir resumed>) = 0 [pid 6711] <... futex resumed>) = 0 [pid 6712] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6711] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6712] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] <... ioctl resumed>) = 0 [pid 6712] <... futex resumed>) = 1 [pid 6711] <... futex resumed>) = 0 [pid 6711] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6711] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] close(3) = 0 [pid 6715] close(4) = 0 [pid 6715] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 405.056214][ T6715] loop2: detected capacity change from 0 to 4096 [pid 6715] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6710] +++ killed by SIGSEGV (core dumped) +++ [pid 6709] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=146, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- [pid 5868] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x37\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6717] <... mount resumed>) = 0 [pid 6717] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6717] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6717] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6717] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6717] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6716] <... futex resumed>) = 0 [pid 6716] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6716] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... futex resumed>) = 0 [pid 6715] <... mount resumed>) = 0 [pid 6718] <... mount resumed>) = 0 [pid 6717] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6715] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6718] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6715] <... openat resumed>) = 3 [pid 6718] <... openat resumed>) = 3 [pid 6715] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6715] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6718] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6715] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6718] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6715] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6715] <... futex resumed>) = 1 [pid 6718] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6718] <... futex resumed>) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6718] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6714] <... futex resumed>) = 0 [pid 6713] <... futex resumed>) = 0 [pid 6718] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6714] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6713] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6713] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... openat resumed>) = 4 [pid 6715] <... futex resumed>) = 0 [pid 6715] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6717] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6718] <... openat resumed>) = 4 [pid 6717] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6715] <... openat resumed>) = 4 [pid 6715] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] <... futex resumed>) = 0 [pid 6715] <... futex resumed>) = 1 [pid 6715] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6718] <... futex resumed>) = 1 [pid 6716] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6717] <... futex resumed>) = 0 [pid 6716] <... futex resumed>) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6713] <... futex resumed>) = 0 [pid 6717] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6714] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... openat resumed>) = 5 [pid 6716] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6713] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] <... futex resumed>) = 0 [pid 6713] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... openat resumed>) = 5 [pid 6717] <... futex resumed>) = 0 [pid 6715] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6716] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6718] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] <... futex resumed>) = 1 [pid 6718] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6715] <... openat resumed>) = 5 [pid 6714] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 6717] <... write resumed>) = 1116 [pid 6715] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("\x2e\x2f\x37\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6715] <... futex resumed>) = 1 [pid 6714] <... futex resumed>) = 1 [pid 6717] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6714] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... futex resumed>) = 1 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6718] <... futex resumed>) = 0 [pid 6716] <... futex resumed>) = 0 [pid 6713] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6718] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6716] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("\x2e\x2f\x37\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6718] <... write resumed>) = 1116 [pid 6717] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6716] <... futex resumed>) = 0 [pid 6715] <... futex resumed>) = 0 [pid 6713] <... futex resumed>) = 1 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6716] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6713] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] <... mmap resumed>) = 0x200000000000 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6718] <... futex resumed>) = 1 [pid 6715] <... write resumed>) = 1116 [pid 6714] <... futex resumed>) = 0 [pid 6718] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... openat resumed>) = 4 [pid 6718] <... futex resumed>) = 0 [pid 6717] <... futex resumed>) = 1 [pid 6716] <... futex resumed>) = 0 [pid 6715] <... futex resumed>) = 1 [pid 6714] <... futex resumed>) = 1 [pid 6713] <... futex resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 6715] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6717] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6713] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] <... futex resumed>) = 1 [pid 6718] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6716] <... futex resumed>) = 0 [pid 6713] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6718] <... mmap resumed>) = 0x200000000000 [pid 6717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6716] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] <... futex resumed>) = 0 [pid 5868] getdents64(4, [pid 6717] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6718] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6718] <... futex resumed>) = 1 [pid 6714] <... futex resumed>) = 0 [pid 6717] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6717] <... futex resumed>) = 1 [pid 6717] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6716] <... futex resumed>) = 0 [pid 6718] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6716] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] <... mmap resumed>) = 0x200000000000 [pid 6714] <... futex resumed>) = 0 [pid 5868] getdents64(4, [pid 6718] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] <... futex resumed>) = 0 [pid 6718] <... futex resumed>) = 0 [pid 6716] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6718] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6715] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] close(4 [pid 6715] <... futex resumed>) = 1 [pid 6713] <... futex resumed>) = 0 [pid 6715] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6714] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 6718] <... futex resumed>) = 0 [pid 6715] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6714] <... futex resumed>) = 1 [pid 6713] <... futex resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x37\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6718] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6715] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6714] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6713] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6715] <... futex resumed>) = 0 [pid 6713] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... rmdir resumed>) = 0 [pid 6715] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5868] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./70/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./70") = 0 [pid 5868] mkdir("./71", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6711] <... futex resumed>) = ? [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6712] +++ killed by SIGSEGV (core dumped) +++ [pid 6711] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=148, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6719 attached [pid 6719] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 148 [pid 6719] <... set_robust_list resumed>) = 0 [pid 6719] chdir("./71") = 0 [pid 6719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6719] setpgid(0, 0) = 0 [pid 6719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6719] write(3, "1000", 4) = 4 [pid 6719] close(3) = 0 [pid 6719] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6719] write(1, "executing program\n", 18) = 18 [pid 6719] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6719] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6719] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 6719] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6720 attached => {parent_tid=[149]}, 88) = 149 [pid 6719] rt_sigprocmask(SIG_SETMASK, [], [pid 6720] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6719] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6719] <... futex resumed>) = 0 [pid 6720] rt_sigprocmask(SIG_SETMASK, [], [pid 6719] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6720] memfd_create("syzkaller", 0) = 3 [pid 6720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6720] <... mmap resumed>) = 0x7f7017800000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 6713] <... futex resumed>) = ? [pid 5871] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./71/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./71") = 0 [pid 5871] mkdir("./72", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6715] +++ killed by SIGSEGV (core dumped) +++ [pid 6713] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=148, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... close resumed>) = 0 [pid 6720] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6716] <... futex resumed>) = ? executing program [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 150 ./strace-static-x86_64: Process 6721 attached [pid 6721] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6721] chdir("./72") = 0 [pid 6721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6721] setpgid(0, 0) = 0 [pid 6721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6717] +++ killed by SIGSEGV (core dumped) +++ [pid 6716] +++ killed by SIGSEGV (core dumped) +++ [pid 6714] <... futex resumed>) = ? [pid 6721] write(3, "1000", 4 [pid 6718] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=149, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 6721] <... write resumed>) = 4 [pid 6721] close(3) = 0 [pid 6721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6721] write(1, "executing program\n", 18) = 18 [pid 6721] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6721] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6722 attached => {parent_tid=[151]}, 88) = 151 [pid 6721] rt_sigprocmask(SIG_SETMASK, [], [pid 6714] +++ killed by SIGSEGV (core dumped) +++ [pid 6722] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6722] <... rseq resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=156, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [pid 5872] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6721] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... openat resumed>) = 3 [pid 6721] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", [pid 5870] newfstatat(3, "", [pid 6721] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, [pid 5872] getdents64(3, [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6722] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6722] memfd_create("syzkaller", 0) = 3 [pid 6722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6720] <... write resumed>) = 2097152 [pid 6720] munmap(0x7f7017800000, 138412032 [pid 5869] <... umount2 resumed>) = 0 [pid 6722] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6720] <... munmap resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 6720] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./71/binderfs", [pid 6720] <... openat resumed>) = 4 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./71/binderfs") = 0 [pid 5869] getdents64(3, [pid 6720] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./71") = 0 [pid 5869] mkdir("./72", 0777 [pid 5870] <... umount2 resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5870] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./71/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./71") = 0 [pid 5870] mkdir("./72", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 6720] <... ioctl resumed>) = 0 [pid 6720] close(3 [pid 5872] <... umount2 resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 6722] <... write resumed>) = 2097152 [pid 6720] <... close resumed>) = 0 [ 405.984713][ T6720] loop0: detected capacity change from 0 to 4096 [pid 6720] close(4 [pid 5872] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6720] <... close resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6720] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6720] <... mkdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6720] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 150 [pid 5872] <... openat resumed>) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, ./strace-static-x86_64: Process 6723 attached [pid 6722] munmap(0x7f7017800000, 138412032 [pid 6723] set_robust_list(0x55557616a6a0, 24 [pid 6722] <... munmap resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 6723] <... set_robust_list resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6723] chdir("./72" [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./71/binderfs", [pid 6723] <... chdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6723] setpgid(0, 0 [pid 5872] unlink("./71/binderfs" [pid 6723] <... setpgid resumed>) = 0 [pid 6722] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] <... unlink resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 6723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6722] <... openat resumed>) = 4 [pid 6723] <... openat resumed>) = 3 [pid 5872] getdents64(3, [pid 6722] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./71") = 0 [pid 5872] mkdir("./72", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6723] write(3, "1000", 4 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6723] <... write resumed>) = 4 [pid 6723] close(3) = 0 [pid 6723] symlink("/dev/binderfs", "./binderfs" [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 158 [pid 6723] <... symlink resumed>) = 0 executing program [pid 6723] write(1, "executing program\n", 18) = 18 [pid 6723] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6722] <... ioctl resumed>) = 0 [pid 6723] <... mmap resumed>) = 0x7f701fcf4000 ./strace-static-x86_64: Process 6724 attached [pid 6723] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6722] close(3 [pid 6723] <... mprotect resumed>) = 0 [pid 6722] <... close resumed>) = 0 [pid 6722] close(4 [pid 6724] set_robust_list(0x55557616a6a0, 24 [pid 6723] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6722] <... close resumed>) = 0 [pid 6724] <... set_robust_list resumed>) = 0 [pid 6724] chdir("./72" [pid 6723] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6722] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] <... close resumed>) = 0 [pid 6723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6725 attached [pid 6724] <... chdir resumed>) = 0 [pid 6722] <... mkdir resumed>) = 0 [pid 6720] <... mount resumed>) = 0 [pid 6725] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6723] <... clone3 resumed> => {parent_tid=[151]}, 88) = 151 [pid 6722] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6720] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6724] setpgid(0, 0 [pid 6720] <... openat resumed>) = 3 [pid 6724] <... setpgid resumed>) = 0 [pid 6724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6723] rt_sigprocmask(SIG_SETMASK, [], [pid 6720] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6724] <... openat resumed>) = 3 [pid 6723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6720] <... chdir resumed>) = 0 [pid 6725] <... rseq resumed>) = 0 [pid 6724] write(3, "1000", 4 [pid 6723] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6724] <... write resumed>) = 4 [pid 6724] close(3) = 0 [pid 6724] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6724] write(1, "executing program\n", 18 [ 406.083986][ T6722] loop3: detected capacity change from 0 to 4096 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6726 attached [pid 6724] <... write resumed>) = 18 [pid 6726] set_robust_list(0x55557616a6a0, 24 [pid 6725] set_robust_list(0x7f701fd149a0, 24 [pid 6723] <... futex resumed>) = 0 [pid 6720] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6725] <... set_robust_list resumed>) = 0 [pid 6723] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6725] rt_sigprocmask(SIG_SETMASK, [], [pid 6720] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... set_robust_list resumed>) = 0 [pid 6725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6724] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6726] chdir("./72" [pid 6725] memfd_create("syzkaller", 0 [pid 6724] <... futex resumed>) = 0 [pid 6720] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6719] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... chdir resumed>) = 0 [pid 6724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6719] <... futex resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 151 [pid 6724] <... mmap resumed>) = 0x7f701fcf4000 [pid 6719] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6726] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6725] <... memfd_create resumed>) = 3 [pid 6724] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6726] <... prctl resumed>) = 0 [pid 6725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6726] setpgid(0, 0 [pid 6724] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6726] <... setpgid resumed>) = 0 [pid 6724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6727 attached [pid 6726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6725] <... mmap resumed>) = 0x7f7017800000 [pid 6727] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6726] <... openat resumed>) = 3 [pid 6727] set_robust_list(0x7f701fd149a0, 24 [pid 6724] <... clone3 resumed> => {parent_tid=[159]}, 88) = 159 [pid 6727] <... set_robust_list resumed>) = 0 [pid 6726] write(3, "1000", 4 [pid 6724] rt_sigprocmask(SIG_SETMASK, [], [pid 6726] <... write resumed>) = 4 [pid 6726] close(3 [pid 6727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6726] <... close resumed>) = 0 [pid 6727] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6726] symlink("/dev/binderfs", "./binderfs" [pid 6724] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = 0 [pid 6724] <... futex resumed>) = 1 [pid 6727] memfd_create("syzkaller", 0 [pid 6726] <... symlink resumed>) = 0 [pid 6724] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6727] <... memfd_create resumed>) = 3 executing program [pid 6726] write(1, "executing program\n", 18 [pid 6720] <... openat resumed>) = 4 [pid 6727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6726] <... write resumed>) = 18 [pid 6727] <... mmap resumed>) = 0x7f7017800000 [pid 6726] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6720] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... mmap resumed>) = 0x7f701fcf4000 [pid 6720] <... futex resumed>) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6726] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6720] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6719] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] <... mprotect resumed>) = 0 [pid 6726] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6720] <... openat resumed>) = 5 [pid 6726] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6720] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6720] <... futex resumed>) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116./strace-static-x86_64: Process 6728 attached [pid 6726] <... clone3 resumed> => {parent_tid=[152]}, 88) = 152 [pid 6720] <... write resumed>) = 1116 [pid 6726] rt_sigprocmask(SIG_SETMASK, [], [pid 6720] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6720] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6719] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6720] <... mmap resumed>) = 0x200000000000 [pid 6719] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... rseq resumed>) = 0 [pid 6728] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6720] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = 0 [pid 6720] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6728] memfd_create("syzkaller", 0 [pid 6719] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6719] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... memfd_create resumed>) = 3 [pid 6728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6720] <... futex resumed>) = 0 [pid 6728] <... mmap resumed>) = 0x7f7017800000 [pid 6720] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6720] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6719] <... futex resumed>) = 0 [pid 6727] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6725] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6722] <... mount resumed>) = 0 [pid 6722] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6722] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6722] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6722] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6721] <... futex resumed>) = 0 [pid 6722] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6721] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6727] <... write resumed>) = 2097152 [pid 6725] <... write resumed>) = 2097152 [pid 6722] <... openat resumed>) = 4 [pid 6721] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6727] munmap(0x7f7017800000, 138412032) = 0 [pid 6722] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] <... futex resumed>) = 0 [pid 6721] <... futex resumed>) = 0 [pid 6722] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6721] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6722] <... openat resumed>) = 5 [pid 6727] <... openat resumed>) = 4 [pid 6722] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] ioctl(4, LOOP_SET_FD, 3 [pid 6722] <... futex resumed>) = 1 [pid 6721] <... futex resumed>) = 0 [pid 6725] munmap(0x7f7017800000, 138412032 [pid 6722] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6721] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6721] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] <... munmap resumed>) = 0 [pid 6728] <... write resumed>) = 2097152 [pid 6727] <... ioctl resumed>) = 0 [pid 6722] <... write resumed>) = 1116 [pid 6727] close(3 [pid 6722] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... close resumed>) = 0 [pid 6725] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6722] <... futex resumed>) = 1 [pid 6721] <... futex resumed>) = 0 [pid 6727] close(4 [pid 6721] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... close resumed>) = 0 [pid 6725] <... openat resumed>) = 4 [pid 6722] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6727] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6722] <... mmap resumed>) = 0x200000000000 [pid 6727] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6722] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] ioctl(4, LOOP_SET_FD, 3 [pid 6721] <... futex resumed>) = 0 [pid 6722] <... futex resumed>) = 0 [ 406.406330][ T6727] loop1: detected capacity change from 0 to 4096 [pid 6728] munmap(0x7f7017800000, 138412032 [pid 6722] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6721] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6728] <... munmap resumed>) = 0 [pid 6725] <... ioctl resumed>) = 0 [pid 6721] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] close(3 [pid 6722] <... futex resumed>) = 0 [pid 6721] <... futex resumed>) = 1 [pid 6725] <... close resumed>) = 0 [pid 6722] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6721] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] close(4 [pid 6722] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6725] <... close resumed>) = 0 [pid 6722] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6722] <... futex resumed>) = 1 [pid 6721] <... futex resumed>) = 0 [pid 6725] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6722] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6721] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6721] <... futex resumed>) = 0 [pid 6722] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6721] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 406.449297][ T6725] loop2: detected capacity change from 0 to 4096 [pid 6728] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6728] close(3) = 0 [pid 6728] close(4) = 0 [ 406.506693][ T6728] loop4: detected capacity change from 0 to 4096 [pid 6728] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6728] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6727] <... mount resumed>) = 0 [pid 6727] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6727] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6727] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6725] <... mount resumed>) = 0 [pid 6727] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6725] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6727] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... openat resumed>) = 3 [pid 6725] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6727] <... futex resumed>) = 1 [pid 6725] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6724] <... futex resumed>) = 0 [pid 6727] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6725] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6724] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6724] <... futex resumed>) = 0 [pid 6724] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6727] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6725] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6723] <... futex resumed>) = 0 [pid 6725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6723] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] <... openat resumed>) = 4 [pid 6727] <... openat resumed>) = 4 [pid 6727] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6724] <... futex resumed>) = 0 [pid 6727] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6725] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... futex resumed>) = 1 [pid 6724] <... futex resumed>) = 0 [pid 6723] <... futex resumed>) = 0 [pid 6724] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... openat resumed>) = 5 [pid 6725] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6727] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = 1 [pid 6725] <... futex resumed>) = 1 [pid 6724] <... futex resumed>) = 0 [pid 6723] <... futex resumed>) = 0 [pid 6727] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6725] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6720] +++ killed by SIGSEGV (core dumped) +++ [pid 6719] +++ killed by SIGSEGV (core dumped) +++ [pid 6724] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... futex resumed>) = 0 [pid 6725] <... futex resumed>) = 0 [pid 6724] <... futex resumed>) = 1 [pid 6723] <... futex resumed>) = 1 [pid 6728] <... mount resumed>) = 0 [pid 6727] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6725] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6724] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=148, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 6728] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6725] <... write resumed>) = 1116 [pid 6728] <... openat resumed>) = 3 [pid 6727] <... write resumed>) = 1116 [pid 6725] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6727] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6727] <... futex resumed>) = 1 [pid 6725] <... futex resumed>) = 1 [pid 6724] <... futex resumed>) = 0 [pid 6723] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6728] <... chdir resumed>) = 0 [pid 6727] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6725] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6724] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6728] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6725] <... mmap resumed>) = 0x200000000000 [pid 6724] <... futex resumed>) = 0 [pid 6723] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6728] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] <... mmap resumed>) = 0x200000000000 [pid 5868] newfstatat(3, "", [pid 6724] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... futex resumed>) = 1 [pid 6727] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6728] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] <... futex resumed>) = 1 [pid 6726] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... futex resumed>) = 0 [pid 5868] getdents64(3, [pid 6728] <... futex resumed>) = 0 [pid 6727] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] <... futex resumed>) = 1 [pid 6725] <... futex resumed>) = 1 [pid 6724] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6728] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6724] <... futex resumed>) = 0 [pid 6723] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6728] <... openat resumed>) = 4 [pid 6728] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] <... futex resumed>) = 0 [pid 6728] <... futex resumed>) = 0 [pid 6723] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6728] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6726] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = 1 [pid 6728] <... futex resumed>) = 0 [pid 6727] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6726] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6728] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6725] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6728] <... openat resumed>) = 5 [pid 6727] <... futex resumed>) = 1 [pid 6725] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... futex resumed>) = 0 [pid 6725] <... futex resumed>) = 1 [pid 6724] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6728] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... futex resumed>) = 0 [pid 6723] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 1 [pid 6724] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] <... futex resumed>) = 0 [pid 6728] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] <... futex resumed>) = 0 [pid 6723] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6728] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6728] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... futex resumed>) = 0 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6726] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = 1 [pid 6728] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6728] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = 1 [pid 6728] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6726] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6728] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6728] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6728] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6726] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6726] <... futex resumed>) = 1 [pid 6728] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5868] <... umount2 resumed>) = 0 [pid 6721] <... futex resumed>) = ? [pid 5868] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6722] +++ killed by SIGSEGV (core dumped) +++ [pid 6721] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=150, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5868] umount2("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... openat resumed>) = 3 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... openat resumed>) = 4 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x37\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./71/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./71") = 0 [pid 5868] mkdir("./72", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6729 attached [pid 6729] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6729] <... set_robust_list resumed>) = 0 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 150 [pid 6729] chdir("./72" [pid 5871] <... openat resumed>) = 4 [pid 6729] <... chdir resumed>) = 0 [pid 5871] newfstatat(4, "", [pid 6729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6729] setpgid(0, 0 [pid 5871] getdents64(4, [pid 6729] <... setpgid resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 6729] <... openat resumed>) = 3 [pid 5871] close(4 [pid 6729] write(3, "1000", 4 [pid 6724] <... futex resumed>) = ? [pid 6723] <... futex resumed>) = ? [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6729] <... write resumed>) = 4 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6725] +++ killed by SIGSEGV (core dumped) +++ [pid 6723] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] unlink("./72/binderfs") = 0 [pid 5871] getdents64(3, [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=150, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 6729] close(3 [pid 5871] close(3 [pid 6729] <... close resumed>) = 0 [pid 6729] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... close resumed>) = 0 [pid 6729] <... symlink resumed>) = 0 [pid 5871] rmdir("./72" [pid 6729] write(1, "executing program\n", 18 [pid 5871] <... rmdir resumed>) = 0 executing program [pid 6729] <... write resumed>) = 18 [pid 6728] +++ killed by SIGSEGV (core dumped) +++ [pid 6726] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] mkdir("./73", 0777 [pid 6729] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... mkdir resumed>) = 0 [pid 6729] <... futex resumed>) = 0 [pid 6727] +++ killed by SIGSEGV (core dumped) +++ [pid 6724] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=151, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... restart_syscall resumed>) = 0 [pid 6729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6729] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=158, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 6729] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... openat resumed>) = 3 [pid 6729] <... mprotect resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5872] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... ioctl resumed>) = 0 [pid 5869] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6729] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] close(3 [pid 5870] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6729] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5872] <... openat resumed>) = 3 [pid 5870] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", [pid 5870] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] newfstatat(3, "", [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, ./strace-static-x86_64: Process 6730 attached [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] getdents64(3, [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6729] <... clone3 resumed> => {parent_tid=[151]}, 88) = 151 [pid 6730] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6729] rt_sigprocmask(SIG_SETMASK, [], [pid 6730] <... rseq resumed>) = 0 [pid 6729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6730] set_robust_list(0x7f701fd149a0, 24 [pid 6729] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] <... set_robust_list resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5871] <... close resumed>) = 0 [pid 6730] memfd_create("syzkaller", 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6731 attached [pid 6730] <... memfd_create resumed>) = 3 [pid 6729] <... futex resumed>) = 0 [pid 6731] set_robust_list(0x55557616a6a0, 24 [pid 6730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6729] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 152 [pid 6731] <... set_robust_list resumed>) = 0 [pid 6730] <... mmap resumed>) = 0x7f7017800000 [pid 6731] chdir("./73") = 0 [pid 6731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6731] setpgid(0, 0) = 0 [pid 6731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6731] write(3, "1000", 4) = 4 [pid 6731] close(3) = 0 [pid 6731] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6731] write(1, "executing program\n", 18) = 18 [pid 6731] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6731] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6730] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6731] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[153]}, 88) = 153 [pid 6731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6731] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6732 attached [pid 6732] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6732] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6732] memfd_create("syzkaller", 0) = 3 [pid 6732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5872] <... umount2 resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./72/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./72" [pid 5872] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... rmdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] mkdir("./73", 0777 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] <... openat resumed>) = 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5869] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 6732] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6730] <... write resumed>) = 2097152 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", [pid 5872] <... openat resumed>) = 4 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6730] munmap(0x7f7017800000, 138412032 [pid 5872] newfstatat(4, "", [pid 5869] getdents64(4, [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 6730] <... munmap resumed>) = 0 [pid 5872] getdents64(4, [pid 5869] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] rmdir("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6730] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] getdents64(4, [pid 6730] <... openat resumed>) = 4 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6730] ioctl(4, LOOP_SET_FD, 3 [pid 5872] close(4 [pid 5869] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] rmdir("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5872] <... rmdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] unlink("./72/binderfs") = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6730] <... ioctl resumed>) = 0 [pid 5869] getdents64(3, [pid 6730] close(3 [pid 5872] newfstatat(AT_FDCWD, "./72/binderfs", [pid 6730] <... close resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6732] <... write resumed>) = 2097152 [pid 6730] close(4 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] close(3 [pid 6730] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5872] unlink("./72/binderfs" [pid 6730] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] rmdir("./72" [pid 6732] munmap(0x7f7017800000, 138412032 [pid 6730] <... mkdir resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./73", 0777) = 0 [pid 5872] getdents64(3, [pid 6730] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 6732] <... munmap resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./72") = 0 [pid 5870] <... close resumed>) = 0 [pid 6732] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] mkdir("./73", 0777 [pid 6732] <... openat resumed>) = 4 [pid 5872] <... mkdir resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 6732] ioctl(4, LOOP_SET_FD, 3 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 407.520437][ T6730] loop0: detected capacity change from 0 to 4096 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6734 attached ./strace-static-x86_64: Process 6733 attached [pid 6732] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 6734] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 152 [pid 6734] <... set_robust_list resumed>) = 0 [pid 6733] set_robust_list(0x55557616a6a0, 24 [pid 6732] close(3 [pid 6733] <... set_robust_list resumed>) = 0 [pid 6732] <... close resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 160 [pid 6734] chdir("./73" [pid 6733] chdir("./73" [pid 6732] close(4 [pid 6734] <... chdir resumed>) = 0 [pid 6733] <... chdir resumed>) = 0 [pid 6732] <... close resumed>) = 0 [pid 6732] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6733] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6732] <... mkdir resumed>) = 0 [pid 6734] setpgid(0, 0 [pid 6733] <... prctl resumed>) = 0 [pid 6732] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6733] setpgid(0, 0) = 0 [pid 6734] <... setpgid resumed>) = 0 [pid 6733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6733] <... openat resumed>) = 3 [pid 6733] write(3, "1000", 4) = 4 [pid 6734] <... openat resumed>) = 3 [pid 6734] write(3, "1000", 4 [pid 6733] close(3 [pid 6734] <... write resumed>) = 4 [pid 6733] <... close resumed>) = 0 [pid 6734] close(3 [pid 6733] symlink("/dev/binderfs", "./binderfs" [pid 6734] <... close resumed>) = 0 [pid 6733] <... symlink resumed>) = 0 [pid 6734] symlink("/dev/binderfs", "./binderfs"executing program [pid 6733] write(1, "executing program\n", 18) = 18 [pid 6734] <... symlink resumed>) = 0 [pid 6733] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6733] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6733] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 6734] write(1, "executing program\n", 18) = 18 [pid 6734] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 407.576275][ T6732] loop3: detected capacity change from 0 to 4096 [pid 6734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6733] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6734] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6734] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6735 attached [pid 6734] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6733] <... clone3 resumed> => {parent_tid=[161]}, 88) = 161 [pid 5872] <... close resumed>) = 0 [pid 6733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6733] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6733] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6735] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6735] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6737 attached ./strace-static-x86_64: Process 6736 attached [pid 6735] memfd_create("syzkaller", 0 [pid 6737] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6736] set_robust_list(0x55557616a6a0, 24 [pid 6735] <... memfd_create resumed>) = 3 [pid 6734] <... clone3 resumed> => {parent_tid=[153]}, 88) = 153 [pid 6737] <... rseq resumed>) = 0 [pid 6736] <... set_robust_list resumed>) = 0 [pid 6735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6736] chdir("./73" [pid 6735] <... mmap resumed>) = 0x7f7017800000 [pid 6737] set_robust_list(0x7f701fd149a0, 24 [pid 6734] rt_sigprocmask(SIG_SETMASK, [], [pid 6737] <... set_robust_list resumed>) = 0 [pid 6736] <... chdir resumed>) = 0 [pid 6734] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 153 [pid 6737] rt_sigprocmask(SIG_SETMASK, [], [pid 6734] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6736] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6734] <... futex resumed>) = 0 [pid 6736] <... prctl resumed>) = 0 [pid 6734] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6736] setpgid(0, 0) = 0 [pid 6737] memfd_create("syzkaller", 0 [pid 6736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6737] <... memfd_create resumed>) = 3 [pid 6736] write(3, "1000", 4 [pid 6737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6736] <... write resumed>) = 4 [pid 6736] close(3) = 0 [pid 6736] symlink("/dev/binderfs", "./binderfs" [pid 6737] <... mmap resumed>) = 0x7f7017800000 [pid 6736] <... symlink resumed>) = 0 [pid 6730] <... mount resumed>) = 0 executing program [pid 6736] write(1, "executing program\n", 18) = 18 [pid 6730] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6736] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... mount resumed>) = 0 [pid 6730] <... openat resumed>) = 3 [pid 6736] <... futex resumed>) = 0 [pid 6732] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6730] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6732] <... openat resumed>) = 3 [pid 6730] <... chdir resumed>) = 0 [pid 6736] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6732] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6730] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6736] <... mprotect resumed>) = 0 [pid 6732] <... chdir resumed>) = 0 [pid 6730] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6736] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6732] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6730] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6732] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6730] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6732] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6732] <... futex resumed>) = 1 [pid 6731] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6738 attached [pid 6737] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6732] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6731] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6736] <... clone3 resumed> => {parent_tid=[154]}, 88) = 154 [pid 6738] <... rseq resumed>) = 0 [pid 6736] rt_sigprocmask(SIG_SETMASK, [], [pid 6738] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6738] rt_sigprocmask(SIG_SETMASK, [], [pid 6736] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6736] <... futex resumed>) = 0 [pid 6738] memfd_create("syzkaller", 0 [pid 6736] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6735] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6730] <... openat resumed>) = 4 [pid 6730] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] <... memfd_create resumed>) = 3 [pid 6730] <... futex resumed>) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6729] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] <... mmap resumed>) = 0x7f7017800000 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6732] <... openat resumed>) = 4 [pid 6730] <... openat resumed>) = 5 [pid 6730] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] <... futex resumed>) = 1 [pid 6732] <... futex resumed>) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6730] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6731] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] <... write resumed>) = 1116 [pid 6731] <... futex resumed>) = 0 [pid 6730] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6729] <... futex resumed>) = 0 [pid 6730] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6729] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6731] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... mmap resumed>) = 0x200000000000 [pid 6729] <... futex resumed>) = 0 [pid 6730] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] <... openat resumed>) = 5 [pid 6730] <... futex resumed>) = 0 [pid 6729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6730] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6729] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6730] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6729] <... futex resumed>) = 0 [pid 6730] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6729] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... futex resumed>) = 0 [pid 6729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6730] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6729] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6732] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6732] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] <... write resumed>) = 2097152 [pid 6732] <... futex resumed>) = 1 [pid 6737] munmap(0x7f7017800000, 138412032 [pid 6738] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6737] <... munmap resumed>) = 0 [pid 6732] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6737] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6732] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6732] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6735] <... write resumed>) = 2097152 [pid 6732] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6731] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6731] <... futex resumed>) = 0 [pid 6737] ioctl(4, LOOP_SET_FD, 3 [pid 6732] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6731] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] <... ioctl resumed>) = 0 [pid 6737] close(3) = 0 [pid 6735] munmap(0x7f7017800000, 138412032 [pid 6737] close(4) = 0 [pid 6737] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6735] <... munmap resumed>) = 0 [pid 6735] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6737] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6735] <... openat resumed>) = 4 [ 407.898037][ T6737] loop2: detected capacity change from 0 to 4096 [pid 6735] ioctl(4, LOOP_SET_FD, 3 [pid 6738] <... write resumed>) = 2097152 [pid 6735] <... ioctl resumed>) = 0 [pid 6735] close(3 [pid 6738] munmap(0x7f7017800000, 138412032 [pid 6735] <... close resumed>) = 0 [pid 6735] close(4 [pid 6738] <... munmap resumed>) = 0 [pid 6735] <... close resumed>) = 0 [pid 6735] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 407.945821][ T6735] loop1: detected capacity change from 0 to 4096 [pid 6735] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6738] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6738] close(3) = 0 [pid 6738] close(4) = 0 [pid 6738] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 408.024085][ T6738] loop4: detected capacity change from 0 to 4096 [pid 6738] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6737] <... mount resumed>) = 0 [pid 6737] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6737] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6737] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6737] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6737] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6734] <... futex resumed>) = 0 [pid 6734] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6735] <... mount resumed>) = 0 [pid 6734] <... futex resumed>) = 1 [pid 6734] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6735] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6735] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6735] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6737] <... openat resumed>) = 4 [pid 6735] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6733] <... futex resumed>) = 0 [pid 6733] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6735] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6733] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6734] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6734] <... futex resumed>) = 0 [pid 6737] <... openat resumed>) = 5 [pid 6737] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6734] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6734] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6737] <... futex resumed>) = 0 [pid 6737] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6734] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] <... write resumed>) = 1116 [pid 6737] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6734] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6734] <... futex resumed>) = 1 [pid 6737] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6734] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6737] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] <... openat resumed>) = 4 [pid 6734] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6735] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] <... futex resumed>) = 1 [pid 6733] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6737] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6735] <... futex resumed>) = 0 [pid 6734] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6735] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6733] <... futex resumed>) = 0 [pid 6737] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6733] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6737] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6735] <... openat resumed>) = 5 [pid 6734] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6737] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6735] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6733] <... futex resumed>) = 0 [pid 6733] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6735] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6733] <... futex resumed>) = 0 [pid 6733] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6735] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6733] <... futex resumed>) = 0 [pid 6733] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6735] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6733] <... futex resumed>) = 0 [pid 6733] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6738] <... mount resumed>) = 0 [pid 6738] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6738] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6738] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6738] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6736] <... futex resumed>) = 0 [pid 6738] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6736] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] <... openat resumed>) = 4 [pid 6736] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] <... futex resumed>) = ? [pid 6738] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = ? [pid 6738] <... futex resumed>) = 1 [pid 6736] <... futex resumed>) = 0 [pid 6738] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6736] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6736] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] <... openat resumed>) = 5 [pid 6730] +++ killed by SIGSEGV (core dumped) +++ [pid 6729] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=150, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6738] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] +++ killed by SIGSEGV (core dumped) +++ [pid 6731] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... restart_syscall resumed>) = 0 [pid 6738] <... futex resumed>) = 1 [pid 6736] <... futex resumed>) = 0 [pid 6736] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=152, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5868] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6738] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6736] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6738] <... write resumed>) = 1116 [pid 6736] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... restart_syscall resumed>) = 0 [pid 5868] getdents64(3, [pid 6738] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6738] <... futex resumed>) = 1 [pid 6738] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6736] <... futex resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6736] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6738] <... futex resumed>) = 0 [pid 6736] <... futex resumed>) = 1 [pid 5871] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6736] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... openat resumed>) = 3 [pid 6738] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5871] newfstatat(3, "", [pid 6738] <... mmap resumed>) = 0x200000000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6738] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] getdents64(3, [pid 6738] <... futex resumed>) = 1 [pid 6736] <... futex resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6738] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6736] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6738] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6738] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6736] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5871] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6738] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6736] <... futex resumed>) = 0 [pid 6736] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6736] <... futex resumed>) = ? [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 5871] <... umount2 resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] getdents64(4, [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] close(4 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... close resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] rmdir("\x2e\x2f\x37\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6734] <... futex resumed>) = ? [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... rmdir resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5868] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] newfstatat(4, "", [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5871] getdents64(4, [pid 6737] +++ killed by SIGSEGV (core dumped) +++ [pid 6734] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] getdents64(4, [pid 5868] unlink("./72/binderfs" [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=152, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5869] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 5871] close(4 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... close resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] getdents64(3, [pid 5869] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... rmdir resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] close(3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("./72" [pid 5871] newfstatat(AT_FDCWD, "./73/binderfs", [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./73", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5871] unlink("./73/binderfs" [pid 6733] <... futex resumed>) = ? [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 6735] +++ killed by SIGSEGV (core dumped) +++ [pid 6733] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] <... close resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=160, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5871] rmdir("./73") = 0 [pid 5871] mkdir("./74", 0777 [pid 5870] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] <... openat resumed>) = 3 [pid 5868] <... close resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5870] newfstatat(3, "", [pid 5871] <... ioctl resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] close(3 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6739 attached [pid 6739] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 152 [pid 6739] <... set_robust_list resumed>) = 0 [pid 6739] chdir("./73") = 0 [pid 6739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6739] setpgid(0, 0) = 0 [pid 6739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 6739] write(3, "1000", 4 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6739] <... write resumed>) = 4 [pid 6739] close(3) = 0 ./strace-static-x86_64: Process 6740 attached [pid 6739] symlink("/dev/binderfs", "./binderfs" [pid 5869] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6740] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 154 [pid 6740] <... set_robust_list resumed>) = 0 [pid 6739] <... symlink resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6740] chdir("./74" [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6739] write(1, "executing program\n", 18 [pid 6740] <... chdir resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6739] <... write resumed>) = 18 [pid 6740] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6739] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6740] <... prctl resumed>) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6739] <... futex resumed>) = 0 [pid 6740] setpgid(0, 0 [pid 6739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] <... openat resumed>) = 4 [pid 6740] <... setpgid resumed>) = 0 [pid 6739] <... mmap resumed>) = 0x7f701fcf4000 [pid 5869] newfstatat(4, "", [pid 6740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6739] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6739] <... mprotect resumed>) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 6739] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] getdents64(4, [pid 6740] <... openat resumed>) = 3 [pid 6739] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6740] write(3, "1000", 4 [pid 6739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6738] +++ killed by SIGSEGV (core dumped) +++ [pid 6736] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] close(4 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=153, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- [pid 5869] <... close resumed>) = 0 ./strace-static-x86_64: Process 6741 attached [pid 6740] <... write resumed>) = 4 [pid 6739] <... clone3 resumed> => {parent_tid=[153]}, 88) = 153 [pid 5872] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] rmdir("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6741] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6740] close(3 [pid 6739] rt_sigprocmask(SIG_SETMASK, [], [pid 6741] <... rseq resumed>) = 0 [pid 6739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6741] set_robust_list(0x7f701fd149a0, 24 [pid 6740] <... close resumed>) = 0 [pid 6739] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... rmdir resumed>) = 0 [pid 6741] <... set_robust_list resumed>) = 0 [pid 6740] symlink("/dev/binderfs", "./binderfs" [pid 6739] <... futex resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5869] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6741] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] newfstatat(3, "", [pid 6741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6740] <... symlink resumed>) = 0 [pid 6739] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6741] memfd_create("syzkaller", 0 [pid 5872] getdents64(3, [pid 6741] <... memfd_create resumed>) = 3 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(AT_FDCWD, "./73/binderfs", executing program [pid 6741] <... mmap resumed>) = 0x7f7017800000 [pid 6740] write(1, "executing program\n", 18 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6740] <... write resumed>) = 18 [pid 5869] unlink("./73/binderfs" [pid 6740] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6740] <... futex resumed>) = 0 [pid 5869] getdents64(3, [pid 6740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6740] <... mmap resumed>) = 0x7f701fcf4000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] close(3 [pid 6740] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] <... close resumed>) = 0 [pid 6740] <... mprotect resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] rmdir("./73" [pid 5870] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] <... rmdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] mkdir("./74", 0777 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", [pid 5869] <... mkdir resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6740] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] getdents64(4, [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, [pid 5869] <... openat resumed>) = 3 [pid 6740] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] close(4 [pid 5869] <... ioctl resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5869] close(3 [pid 5870] rmdir("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38"./strace-static-x86_64: Process 6742 attached [pid 6742] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5870] <... rmdir resumed>) = 0 [pid 6740] <... clone3 resumed> => {parent_tid=[155]}, 88) = 155 [pid 5870] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6742] <... rseq resumed>) = 0 [pid 6742] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6742] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6740] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6741] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] newfstatat(AT_FDCWD, "./73/binderfs", [pid 6740] <... futex resumed>) = 1 [pid 6742] <... futex resumed>) = 0 [pid 6740] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6742] memfd_create("syzkaller", 0 [pid 5869] <... close resumed>) = 0 [pid 6742] <... memfd_create resumed>) = 3 [pid 5870] unlink("./73/binderfs" [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 ./strace-static-x86_64: Process 6743 attached [pid 5870] <... unlink resumed>) = 0 [pid 6743] set_robust_list(0x55557616a6a0, 24 [pid 6741] <... write resumed>) = 2097152 [pid 5870] getdents64(3, [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 154 [pid 6743] <... set_robust_list resumed>) = 0 [pid 6741] munmap(0x7f7017800000, 138412032 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6743] chdir("./74" [pid 5870] close(3) = 0 [pid 6743] <... chdir resumed>) = 0 [pid 5870] rmdir("./73") = 0 [pid 6743] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] mkdir("./74", 0777 [pid 6743] <... prctl resumed>) = 0 [pid 6741] <... munmap resumed>) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 6743] setpgid(0, 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6743] <... setpgid resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 6743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6741] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] ioctl(3, LOOP_CLR_FD [pid 6743] <... openat resumed>) = 3 [pid 5870] <... ioctl resumed>) = 0 [pid 6743] write(3, "1000", 4) = 4 executing program [pid 6743] close(3 [pid 6741] <... openat resumed>) = 4 [pid 5872] <... umount2 resumed>) = 0 [pid 5870] close(3 [pid 6743] <... close resumed>) = 0 [pid 6742] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6741] ioctl(4, LOOP_SET_FD, 3 [pid 6743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6743] write(1, "executing program\n", 18) = 18 [pid 6743] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6743] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6741] <... ioctl resumed>) = 0 [pid 6743] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[155]}, 88) = 155 [pid 6743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6743] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6744 attached [pid 6741] close(3) = 0 [pid 6741] close(4) = 0 [pid 6741] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6744] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6741] <... mkdir resumed>) = 0 [pid 6744] <... rseq resumed>) = 0 [pid 6744] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6741] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6744] memfd_create("syzkaller", 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6744] <... memfd_create resumed>) = 3 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [pid 6744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [ 408.979918][ T6741] loop0: detected capacity change from 0 to 4096 [pid 5872] close(4) = 0 [pid 6742] <... write resumed>) = 2097152 [pid 5872] rmdir("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5870] <... close resumed>) = 0 [pid 6742] munmap(0x7f7017800000, 138412032 [pid 5872] <... rmdir resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./73/binderfs", ./strace-static-x86_64: Process 6745 attached {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6745] set_robust_list(0x55557616a6a0, 24 [pid 5872] unlink("./73/binderfs" [pid 6745] <... set_robust_list resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 162 [pid 5872] <... unlink resumed>) = 0 [pid 5872] getdents64(3, [pid 6745] chdir("./74" [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 6745] <... chdir resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./73" [pid 6745] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] <... rmdir resumed>) = 0 [pid 6745] <... prctl resumed>) = 0 [pid 5872] mkdir("./74", 0777 [pid 6745] setpgid(0, 0 [pid 5872] <... mkdir resumed>) = 0 [pid 6745] <... setpgid resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... openat resumed>) = 3 [pid 6745] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 6745] write(3, "1000", 4 [pid 5872] close(3 [pid 6745] <... write resumed>) = 4 [pid 6742] <... munmap resumed>) = 0 [pid 6745] close(3) = 0 [pid 6745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6742] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] <... close resumed>) = 0 [pid 6742] <... openat resumed>) = 4 [pid 6742] ioctl(4, LOOP_SET_FD, 3 [pid 6745] write(1, "executing program\n", 18executing program ) = 18 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6745] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6745] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6747 attached ./strace-static-x86_64: Process 6746 attached => {parent_tid=[163]}, 88) = 163 [pid 6747] set_robust_list(0x55557616a6a0, 24 [pid 6745] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 155 [pid 6745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6747] <... set_robust_list resumed>) = 0 [pid 6745] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6745] <... futex resumed>) = 0 [pid 6746] <... rseq resumed>) = 0 [pid 6746] set_robust_list(0x7f701fd149a0, 24 [pid 6747] chdir("./74" [pid 6745] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6746] <... set_robust_list resumed>) = 0 [pid 6746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6747] <... chdir resumed>) = 0 [pid 6747] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6746] memfd_create("syzkaller", 0 [pid 6742] <... ioctl resumed>) = 0 [pid 6747] <... prctl resumed>) = 0 [pid 6744] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6747] setpgid(0, 0 [pid 6746] <... memfd_create resumed>) = 3 [pid 6742] close(3 [pid 6741] <... mount resumed>) = 0 [pid 6747] <... setpgid resumed>) = 0 [pid 6746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6741] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6742] <... close resumed>) = 0 [pid 6747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6742] close(4) = 0 [pid 6742] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6747] <... openat resumed>) = 3 [pid 6742] <... mkdir resumed>) = 0 [pid 6742] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6741] <... openat resumed>) = 3 [pid 6746] <... mmap resumed>) = 0x7f7017800000 [pid 6741] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6747] write(3, "1000", 4 [pid 6741] <... chdir resumed>) = 0 [pid 6747] <... write resumed>) = 4 [pid 6741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6741] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6739] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] close(3 [pid 6739] <... futex resumed>) = 0 [pid 6747] <... close resumed>) = 0 [pid 6739] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] symlink("/dev/binderfs", "./binderfs") = 0 [ 409.089316][ T6742] loop3: detected capacity change from 0 to 4096 [pid 6741] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 executing program [pid 6747] write(1, "executing program\n", 18) = 18 [pid 6747] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6741] <... openat resumed>) = 4 [pid 6747] <... mmap resumed>) = 0x7f701fcf4000 [pid 6747] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6741] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... mprotect resumed>) = 0 [pid 6741] <... futex resumed>) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6739] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6739] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6748 attached [pid 6739] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6747] <... clone3 resumed> => {parent_tid=[156]}, 88) = 156 [pid 6748] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6747] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... rseq resumed>) = 0 [pid 6747] <... futex resumed>) = 0 [pid 6741] <... openat resumed>) = 5 [pid 6748] set_robust_list(0x7f701fd149a0, 24 [pid 6747] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6748] <... set_robust_list resumed>) = 0 [pid 6748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6748] memfd_create("syzkaller", 0 [pid 6741] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6739] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6739] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6748] <... memfd_create resumed>) = 3 [pid 6741] <... write resumed>) = 1116 [pid 6741] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6739] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6739] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6741] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... mmap resumed>) = 0x7f7017800000 [pid 6744] <... write resumed>) = 2097152 [pid 6741] <... futex resumed>) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6739] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6739] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6741] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6739] <... futex resumed>) = 0 [pid 6739] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6739] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6744] munmap(0x7f7017800000, 138412032) = 0 [pid 6744] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6744] ioctl(4, LOOP_SET_FD, 3 [pid 6746] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6744] <... ioctl resumed>) = 0 [pid 6744] close(3) = 0 [pid 6744] close(4) = 0 [pid 6744] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6744] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6748] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6742] <... mount resumed>) = 0 [ 409.256951][ T6744] loop2: detected capacity change from 0 to 4096 [pid 6742] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6742] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6742] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6742] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6742] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6740] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... openat resumed>) = 4 [pid 6746] <... write resumed>) = 2097152 [pid 6742] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... openat resumed>) = 5 [pid 6742] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6746] munmap(0x7f7017800000, 138412032 [pid 6742] <... write resumed>) = 1116 [pid 6742] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6742] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6740] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] <... mmap resumed>) = 0x200000000000 [pid 6742] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... write resumed>) = 2097152 [pid 6746] <... munmap resumed>) = 0 [pid 6742] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6742] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6748] munmap(0x7f7017800000, 138412032 [pid 6740] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6742] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6748] <... munmap resumed>) = 0 [pid 6746] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6748] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6746] close(3 [pid 6748] <... openat resumed>) = 4 [pid 6746] <... close resumed>) = 0 [pid 6746] close(4) = 0 [pid 6746] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6748] ioctl(4, LOOP_SET_FD, 3 [pid 6746] <... mkdir resumed>) = 0 [pid 6746] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6744] <... mount resumed>) = 0 [pid 6748] <... ioctl resumed>) = 0 [ 409.434918][ T6746] loop1: detected capacity change from 0 to 4096 [ 409.466677][ T6748] loop4: detected capacity change from 0 to 4096 [pid 6748] close(3 [pid 6744] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6744] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6748] <... close resumed>) = 0 [pid 6744] <... chdir resumed>) = 0 [pid 6748] close(4 [pid 6744] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6748] <... close resumed>) = 0 [pid 6748] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6744] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6748] <... mkdir resumed>) = 0 [pid 6744] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6744] <... futex resumed>) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6744] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] <... futex resumed>) = 0 [pid 6744] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6743] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] <... openat resumed>) = 5 [pid 6744] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6744] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6743] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6744] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6744] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6743] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6744] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6744] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6743] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] <... mount resumed>) = 0 [pid 6739] <... futex resumed>) = ? [pid 6746] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6746] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6746] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6746] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6746] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] <... futex resumed>) = 0 [pid 6745] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = 0 [pid 6745] <... futex resumed>) = 1 [pid 6746] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6745] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] <... openat resumed>) = 4 [pid 6746] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6746] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6745] <... futex resumed>) = 0 [pid 6746] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6745] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6741] +++ killed by SIGSEGV (core dumped) +++ [pid 6739] +++ killed by SIGSEGV (core dumped) +++ [pid 6746] <... futex resumed>) = 1 [pid 6745] <... futex resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=152, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 6745] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6745] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5868] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6746] <... write resumed>) = 1116 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6746] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(3, [pid 6746] <... futex resumed>) = 1 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6746] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6745] <... futex resumed>) = 0 [pid 6745] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6746] <... futex resumed>) = 0 [pid 6746] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6746] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6745] <... futex resumed>) = 0 [pid 6746] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6745] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6746] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] <... futex resumed>) = 0 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... mount resumed>) = 0 [pid 6745] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6748] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6745] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... openat resumed>) = 3 [pid 6746] <... futex resumed>) = 0 [pid 6745] <... futex resumed>) = 1 [pid 6748] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6746] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6745] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... chdir resumed>) = 0 [pid 6748] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6748] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6748] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... futex resumed>) = 0 [pid 6747] <... futex resumed>) = 1 [pid 6747] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6748] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6748] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6740] <... futex resumed>) = ? [pid 6748] <... futex resumed>) = 0 [pid 6747] <... futex resumed>) = 1 [pid 6748] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6747] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... openat resumed>) = 5 [pid 6742] +++ killed by SIGSEGV (core dumped) +++ [pid 6740] +++ killed by SIGSEGV (core dumped) +++ [pid 6748] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=154, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 6748] <... futex resumed>) = 1 [pid 6747] <... futex resumed>) = 0 [pid 6748] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6747] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6748] <... write resumed>) = 1116 [pid 6747] <... futex resumed>) = 0 [pid 6748] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6748] <... futex resumed>) = 0 [pid 6747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6743] <... futex resumed>) = ? [pid 5868] <... umount2 resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6747] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6747] <... futex resumed>) = 0 [pid 6744] +++ killed by SIGSEGV (core dumped) +++ [pid 6748] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6747] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... openat resumed>) = 3 [pid 5868] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6748] <... mmap resumed>) = 0x200000000000 [pid 5871] newfstatat(3, "", [pid 6748] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6743] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6748] <... futex resumed>) = 1 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=154, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 6748] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] <... futex resumed>) = 0 [pid 5871] getdents64(3, [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6747] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6748] <... futex resumed>) = 0 [pid 6747] <... futex resumed>) = 1 [pid 5871] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6748] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6747] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6748] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6747] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6747] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... openat resumed>) = 4 [pid 6747] <... futex resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 6747] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 6748] <... futex resumed>) = 1 [pid 6748] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6747] <... futex resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x37\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./73/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./73") = 0 [pid 5868] mkdir("./74", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5869] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6749 attached [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 154 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6749] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6749] chdir("./74") = 0 [pid 6749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6749] setpgid(0, 0) = 0 [pid 6749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] getdents64(3, [pid 6749] write(3, "1000", 4) = 4 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6749] close(3) = 0 [pid 6749] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6749] write(1, "executing program\n", 18) = 18 [pid 6749] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6749] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[155]}, 88) = 155 ./strace-static-x86_64: Process 6750 attached [pid 6750] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6749] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6750] <... rseq resumed>) = 0 [pid 6750] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6750] memfd_create("syzkaller", 0) = 3 [pid 6750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6750] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... umount2 resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... openat resumed>) = 4 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] newfstatat(4, "", [pid 5871] <... openat resumed>) = 4 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] newfstatat(4, "", [pid 5869] getdents64(4, [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 5869] getdents64(4, [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] getdents64(4, [pid 5869] close(4 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... close resumed>) = 0 [pid 5871] close(4 [pid 5869] rmdir("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... close resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... rmdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5871] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] unlink("./74/binderfs" [pid 5871] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5871] unlink("./74/binderfs" [pid 5869] getdents64(3, [pid 6745] <... futex resumed>) = ? [pid 5871] <... unlink resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 5871] getdents64(3, [pid 5869] <... close resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] rmdir("./74" [pid 5871] close(3 [pid 5869] <... rmdir resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5869] mkdir("./75", 0777 [pid 5871] rmdir("./74" [pid 5869] <... mkdir resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] mkdir("./75", 0777 [pid 5869] <... openat resumed>) = 3 [pid 5871] <... mkdir resumed>) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6746] +++ killed by SIGSEGV (core dumped) +++ [pid 6745] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=162, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5870] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... close resumed>) = 0 [pid 6750] <... write resumed>) = 2097152 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6751 attached [pid 6750] munmap(0x7f7017800000, 138412032 [pid 5871] <... close resumed>) = 0 [pid 6751] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 156 [pid 6751] <... set_robust_list resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6751] chdir("./75") = 0 [pid 6751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6751] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 6752 attached [pid 6751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 156 [pid 6751] write(3, "1000", 4 [pid 6750] <... munmap resumed>) = 0 [pid 6752] set_robust_list(0x55557616a6a0, 24 [pid 6751] <... write resumed>) = 4 [pid 6751] close(3 [pid 6752] <... set_robust_list resumed>) = 0 [pid 6751] <... close resumed>) = 0 [pid 6752] chdir("./75" [pid 6751] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6752] <... chdir resumed>) = 0 [pid 6750] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6752] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6750] <... openat resumed>) = 4 [pid 6752] <... prctl resumed>) = 0 [pid 6751] write(1, "executing program\n", 18 [pid 6750] ioctl(4, LOOP_SET_FD, 3 [pid 6752] setpgid(0, 0 [pid 6751] <... write resumed>) = 18 [pid 6752] <... setpgid resumed>) = 0 [pid 6751] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... ioctl resumed>) = 0 [pid 6752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6751] <... futex resumed>) = 0 [pid 6752] <... openat resumed>) = 3 [pid 6751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6750] close(3 [pid 6752] write(3, "1000", 4 [pid 6751] <... mmap resumed>) = 0x7f701fcf4000 [pid 6750] <... close resumed>) = 0 [pid 6752] <... write resumed>) = 4 [pid 6751] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6750] close(4) = 0 [pid 6752] close(3 [pid 6751] <... mprotect resumed>) = 0 [pid 6750] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6752] <... close resumed>) = 0 [pid 6751] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6750] <... mkdir resumed>) = 0 [pid 6752] symlink("/dev/binderfs", "./binderfs" [pid 6751] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6750] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6752] <... symlink resumed>) = 0 [pid 6752] write(1, "executing program\n", 18 [pid 6751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}executing program ./strace-static-x86_64: Process 6753 attached [pid 6752] <... write resumed>) = 18 [pid 6752] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] <... clone3 resumed> => {parent_tid=[157]}, 88) = 157 [pid 6753] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6752] <... futex resumed>) = 0 [pid 6751] rt_sigprocmask(SIG_SETMASK, [], [pid 6753] <... rseq resumed>) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6753] set_robust_list(0x7f701fd149a0, 24 [pid 6751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6752] <... mmap resumed>) = 0x7f701fcf4000 [pid 6753] <... set_robust_list resumed>) = 0 [pid 6751] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6751] <... futex resumed>) = 0 [pid 6753] rt_sigprocmask(SIG_SETMASK, [], [pid 6751] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6752] <... mprotect resumed>) = 0 [ 410.321720][ T6750] loop0: detected capacity change from 0 to 4096 [pid 6753] memfd_create("syzkaller", 0) = 3 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] <... umount2 resumed>) = 0 [pid 6753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6752] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6753] <... mmap resumed>) = 0x7f7017800000 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6754 attached ) = -1 EINVAL (Invalid argument) [pid 6754] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6752] <... clone3 resumed> => {parent_tid=[157]}, 88) = 157 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6754] <... rseq resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6754] set_robust_list(0x7f701fd149a0, 24 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6754] <... set_robust_list resumed>) = 0 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], [pid 6748] +++ killed by SIGSEGV (core dumped) +++ [pid 6747] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=155, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5870] <... openat resumed>) = 4 [pid 6752] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] newfstatat(4, "", [pid 6754] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6752] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] getdents64(4, [pid 6754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6754] memfd_create("syzkaller", 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 6754] <... memfd_create resumed>) = 3 [pid 5870] getdents64(4, [pid 6754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6754] <... mmap resumed>) = 0x7f7017800000 [pid 5872] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] close(4 [pid 5872] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] <... close resumed>) = 0 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] rmdir("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] <... rmdir resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./74/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./74") = 0 [pid 5870] mkdir("./75", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 6753] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6754] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] <... close resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, ./strace-static-x86_64: Process 6755 attached [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 164 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 6755] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... close resumed>) = 0 [pid 6755] <... set_robust_list resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6755] chdir("./75" [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./74/binderfs", [pid 6755] <... chdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] unlink("./74/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./74") = 0 [pid 6755] setpgid(0, 0 [pid 5872] mkdir("./75", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6755] <... setpgid resumed>) = 0 [pid 6753] <... write resumed>) = 2097152 [pid 6750] <... mount resumed>) = 0 [pid 6755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6750] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6753] munmap(0x7f7017800000, 138412032 [pid 6754] <... write resumed>) = 2097152 [pid 6754] munmap(0x7f7017800000, 138412032 [pid 6750] <... openat resumed>) = 3 [pid 6753] <... munmap resumed>) = 0 [pid 6755] <... openat resumed>) = 3 [pid 6753] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6750] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6755] write(3, "1000", 4 [pid 6753] <... openat resumed>) = 4 [pid 6750] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6753] ioctl(4, LOOP_SET_FD, 3 [pid 6750] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6754] <... munmap resumed>) = 0 [pid 6755] <... write resumed>) = 4 [pid 6750] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] close(3 [pid 6750] <... futex resumed>) = 1 [pid 6755] <... close resumed>) = 0 [pid 6755] symlink("/dev/binderfs", "./binderfs" [pid 6750] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6749] <... futex resumed>) = 0 [pid 6755] <... symlink resumed>) = 0 [pid 6749] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6750] <... futex resumed>) = 0 [pid 6749] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... close resumed>) = 0 [pid 6755] write(1, "executing program\n", 18 [pid 6754] <... openat resumed>) = 4 [pid 6753] <... ioctl resumed>) = 0 [pid 6750] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000executing program [pid 6754] ioctl(4, LOOP_SET_FD, 3 [pid 6755] <... write resumed>) = 18 [pid 6753] close(3) = 0 [pid 6755] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] close(4) = 0 [pid 6753] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6750] <... openat resumed>) = 4 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6755] <... futex resumed>) = 0 [pid 6753] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6756 attached [pid 6755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6753] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6750] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] <... mmap resumed>) = 0x7f701fcf4000 [pid 6756] set_robust_list(0x55557616a6a0, 24 [pid 6755] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 157 [pid 6756] <... set_robust_list resumed>) = 0 [pid 6750] <... futex resumed>) = 1 [pid 6749] <... futex resumed>) = 0 [pid 6756] chdir("./75" [pid 6755] <... mprotect resumed>) = 0 [pid 6750] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... chdir resumed>) = 0 [pid 6754] <... ioctl resumed>) = 0 [pid 6749] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6755] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6750] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6749] <... futex resumed>) = 0 [pid 6756] <... prctl resumed>) = 0 [pid 6754] close(3 [pid 6756] setpgid(0, 0 [pid 6754] <... close resumed>) = 0 [pid 6756] <... setpgid resumed>) = 0 [pid 6754] close(4 [pid 6756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6755] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6754] <... close resumed>) = 0 [pid 6750] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6749] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... openat resumed>) = 3 [pid 6755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6754] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777./strace-static-x86_64: Process 6757 attached [pid 6750] <... openat resumed>) = 5 [pid 6750] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] write(3, "1000", 4 [pid 6754] <... mkdir resumed>) = 0 [pid 6757] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6756] <... write resumed>) = 4 [pid 6754] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6757] <... rseq resumed>) = 0 [pid 6756] close(3 [pid 6757] set_robust_list(0x7f701fd149a0, 24 [pid 6756] <... close resumed>) = 0 executing program [pid 6757] <... set_robust_list resumed>) = 0 [pid 6756] symlink("/dev/binderfs", "./binderfs" [pid 6757] rt_sigprocmask(SIG_SETMASK, [], [pid 6756] <... symlink resumed>) = 0 [pid 6757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6756] write(1, "executing program\n", 18 [pid 6757] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... write resumed>) = 18 [pid 6756] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6756] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6758 attached [pid 6750] <... futex resumed>) = 1 [pid 6749] <... futex resumed>) = 0 [pid 6758] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6756] <... clone3 resumed> => {parent_tid=[158]}, 88) = 158 [pid 6749] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] rt_sigprocmask(SIG_SETMASK, [], [pid 6755] <... clone3 resumed> => {parent_tid=[165]}, 88) = 165 [pid 6750] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6758] <... rseq resumed>) = 0 [pid 6756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6755] rt_sigprocmask(SIG_SETMASK, [], [pid 6749] <... futex resumed>) = 0 [ 410.630109][ T6753] loop2: detected capacity change from 0 to 4096 [ 410.651124][ T6754] loop3: detected capacity change from 0 to 4096 [pid 6758] set_robust_list(0x7f701fd149a0, 24 [pid 6756] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6750] <... write resumed>) = 1116 [pid 6749] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... set_robust_list resumed>) = 0 [pid 6755] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6758] rt_sigprocmask(SIG_SETMASK, [], [pid 6757] <... futex resumed>) = 0 [pid 6756] <... futex resumed>) = 0 [pid 6755] <... futex resumed>) = 1 [pid 6750] <... futex resumed>) = 0 [pid 6749] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6757] memfd_create("syzkaller", 0 [pid 6756] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6755] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6750] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6749] <... futex resumed>) = 0 [pid 6758] memfd_create("syzkaller", 0 [pid 6750] <... mmap resumed>) = 0x200000000000 [pid 6749] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... memfd_create resumed>) = 3 [pid 6757] <... memfd_create resumed>) = 3 [pid 6757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6750] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6757] <... mmap resumed>) = 0x7f7017800000 [pid 6758] <... mmap resumed>) = 0x7f7017800000 [pid 6750] <... futex resumed>) = 1 [pid 6749] <... futex resumed>) = 0 [pid 6750] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6749] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6749] <... futex resumed>) = 0 [pid 6750] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6750] <... futex resumed>) = 0 [pid 6749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6749] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6749] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] <... mount resumed>) = 0 [pid 6753] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6757] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6753] <... openat resumed>) = 3 [pid 6758] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6753] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6753] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6753] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6751] <... futex resumed>) = 0 [pid 6753] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6751] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6751] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6754] <... mount resumed>) = 0 [pid 6753] <... openat resumed>) = 4 [pid 6754] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6753] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] <... openat resumed>) = 3 [pid 6753] <... futex resumed>) = 1 [pid 6751] <... futex resumed>) = 0 [pid 6754] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6753] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6754] <... chdir resumed>) = 0 [pid 6751] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6753] <... futex resumed>) = 0 [pid 6751] <... futex resumed>) = 1 [pid 6754] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6753] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6751] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... write resumed>) = 2097152 [pid 6754] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... openat resumed>) = 5 [pid 6753] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6754] <... futex resumed>) = 1 [pid 6751] <... futex resumed>) = 0 [pid 6757] <... write resumed>) = 2097152 [pid 6754] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... futex resumed>) = 0 [pid 6751] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6751] <... futex resumed>) = 1 [pid 6753] <... futex resumed>) = 0 [pid 6751] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6753] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6753] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6751] <... futex resumed>) = 0 [pid 6751] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] <... futex resumed>) = 0 [pid 6751] <... futex resumed>) = 1 [pid 6758] munmap(0x7f7017800000, 138412032 [pid 6753] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6751] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... munmap resumed>) = 0 [pid 6753] <... mmap resumed>) = 0x200000000000 [pid 6757] munmap(0x7f7017800000, 138412032 [pid 6753] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6751] <... futex resumed>) = 0 [pid 6751] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6753] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6751] <... futex resumed>) = 0 [pid 6751] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6751] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... munmap resumed>) = 0 [pid 6753] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6758] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6758] ioctl(4, LOOP_SET_FD, 3 [pid 6757] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6752] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... openat resumed>) = 4 [pid 6757] ioctl(4, LOOP_SET_FD, 3 [pid 6754] <... openat resumed>) = 4 [pid 6752] <... futex resumed>) = 0 [pid 6758] <... ioctl resumed>) = 0 [pid 6754] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6754] <... futex resumed>) = 0 [pid 6754] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... mmap resumed>) = 0x7f701fcd3000 [pid 6752] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6749] <... futex resumed>) = ? [pid 6757] <... ioctl resumed>) = 0 [pid 6757] close(3) = 0 [pid 6757] close(4) = 0 [pid 6757] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6757] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6758] close(3 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6758] <... close resumed>) = 0 [pid 6758] close(4) = 0 [pid 6758] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6752] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6750] +++ killed by SIGSEGV (core dumped) +++ [pid 6749] +++ killed by SIGSEGV (core dumped) +++ [pid 6758] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0}./strace-static-x86_64: Process 6759 attached [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=154, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 6759] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 6752] <... clone3 resumed> => {parent_tid=[158]}, 88) = 158 [pid 5868] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6759] <... rseq resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6759] set_robust_list(0x7f701fcf39a0, 24 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6759] <... set_robust_list resumed>) = 0 [pid 6752] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 410.970846][ T6757] loop1: detected capacity change from 0 to 4096 [ 410.978774][ T6758] loop4: detected capacity change from 0 to 4096 [pid 6759] rt_sigprocmask(SIG_SETMASK, [], [pid 6752] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... openat resumed>) = 3 [pid 6759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6752] <... futex resumed>) = 0 [pid 5868] newfstatat(3, "", [pid 6759] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6752] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6759] <... openat resumed>) = 5 [pid 6759] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6759] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6754] <... futex resumed>) = 0 [pid 6754] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6752] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... write resumed>) = 1116 [pid 6754] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6752] <... futex resumed>) = 0 [pid 6754] <... mmap resumed>) = 0x200000000000 [pid 6752] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6754] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6752] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6754] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6754] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6754] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6752] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... mount resumed>) = 0 [pid 6758] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6758] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6758] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6758] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... futex resumed>) = 1 [pid 6758] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6757] <... mount resumed>) = 0 [pid 6757] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6757] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6757] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6757] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6757] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6758] <... openat resumed>) = 4 [pid 6758] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6758] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6758] <... futex resumed>) = 0 [pid 6758] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6756] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... openat resumed>) = 5 [pid 6758] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] <... futex resumed>) = 0 [pid 6756] <... futex resumed>) = 0 [pid 6755] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... futex resumed>) = 0 [pid 6755] <... futex resumed>) = 1 [pid 6757] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6755] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6758] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6757] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6757] <... futex resumed>) = 1 [pid 6755] <... futex resumed>) = 0 [pid 6757] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6755] <... futex resumed>) = 0 [pid 6757] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6755] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6758] <... write resumed>) = 1116 [pid 6758] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6758] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6756] <... futex resumed>) = 0 [pid 6756] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... futex resumed>) = 0 [pid 6756] <... futex resumed>) = 1 [pid 5868] umount2("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6758] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6757] <... openat resumed>) = 5 [pid 6756] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6758] <... mmap resumed>) = 0x200000000000 [pid 6757] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6758] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 1 [pid 5868] <... openat resumed>) = 4 [pid 6755] <... futex resumed>) = 0 [pid 6758] <... futex resumed>) = 1 [pid 6757] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6756] <... futex resumed>) = 0 [pid 6755] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6757] <... write resumed>) = 1116 [pid 6756] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6757] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] <... futex resumed>) = 0 [pid 6755] <... futex resumed>) = 0 [pid 6758] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6755] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6758] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6758] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 0 [pid 6756] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6758] <... futex resumed>) = 0 [pid 6757] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6756] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6758] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6756] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... futex resumed>) = 0 [pid 6755] <... futex resumed>) = 1 [pid 5868] newfstatat(4, "", [pid 6755] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6757] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5868] getdents64(4, [pid 6757] <... mmap resumed>) = 0x200000000000 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6757] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6757] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] <... futex resumed>) = 0 [pid 5868] getdents64(4, [pid 6755] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6755] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... futex resumed>) = 0 [pid 5868] close(4 [pid 6757] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x37\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 6757] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5868] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./74/binderfs", [pid 6757] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./74/binderfs" [pid 6757] <... futex resumed>) = 1 [pid 6757] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] <... futex resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 6755] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(3, [pid 6755] <... futex resumed>) = 1 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6757] <... futex resumed>) = 0 [pid 5868] close(3 [pid 6757] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6755] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("./74") = 0 [pid 5868] mkdir("./75", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6751] <... futex resumed>) = ? [pid 6753] +++ killed by SIGSEGV (core dumped) +++ [pid 6751] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=156, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... close resumed>) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6760 attached [pid 5869] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 156 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6760] set_robust_list(0x55557616a6a0, 24 [pid 5869] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6760] <... set_robust_list resumed>) = 0 [pid 6760] chdir("./75" [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", [pid 6760] <... chdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] getdents64(3, [pid 6760] setpgid(0, 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6760] <... setpgid resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6760] write(3, "1000", 4) = 4 [pid 6760] close(3) = 0 [pid 6760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6760] write(1, "executing program\n", 18executing program ) = 18 [pid 6760] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6760] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6761 attached => {parent_tid=[157]}, 88) = 157 [pid 6760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6760] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6760] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6761] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6761] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6761] memfd_create("syzkaller", 0) = 3 [pid 6761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6759] <... futex resumed>) = ? [pid 6752] <... futex resumed>) = ? [pid 6759] +++ killed by SIGSEGV (core dumped) +++ [pid 6761] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6754] +++ killed by SIGSEGV (core dumped) +++ [pid 6752] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=156, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5871] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6756] <... futex resumed>) = ? [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 6758] +++ killed by SIGSEGV (core dumped) +++ [pid 6756] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] close(4 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=157, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... restart_syscall resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./75/binderfs", [pid 5872] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] newfstatat(3, "", [pid 5869] unlink("./75/binderfs" [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6761] <... write resumed>) = 2097152 [pid 5869] close(3 [pid 6761] munmap(0x7f7017800000, 138412032) = 0 [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./75" [pid 6761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6761] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./76", 0777 [pid 5871] <... umount2 resumed>) = 0 [pid 6761] <... ioctl resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6761] close(3) = 0 [pid 5871] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6761] close(4 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6761] <... close resumed>) = 0 [pid 6761] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6761] <... mkdir resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6761] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6755] <... futex resumed>) = ? [pid 5869] close(3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./75/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./75") = 0 [ 411.643659][ T6761] loop0: detected capacity change from 0 to 4096 [pid 5871] mkdir("./76", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6757] +++ killed by SIGSEGV (core dumped) +++ [pid 6755] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... close resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=164, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, ./strace-static-x86_64: Process 6762 attached 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6762] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 158 [pid 6762] <... set_robust_list resumed>) = 0 [pid 6762] chdir("./76") = 0 [pid 6762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6762] setpgid(0, 0) = 0 [pid 6762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6762] write(3, "1000", 4) = 4 [pid 6762] close(3) = 0 [pid 6762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6762] write(1, "executing program\n", 18executing program ) = 18 [pid 6762] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6762] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6762] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6762] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5872] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6763 attached [pid 6762] <... clone3 resumed> => {parent_tid=[159]}, 88) = 159 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6762] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6763] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6762] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... rseq resumed>) = 0 [pid 6762] <... futex resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6762] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6763] set_robust_list(0x7f701fd149a0, 24 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6763] <... set_robust_list resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6763] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] newfstatat(4, "", [pid 6763] memfd_create("syzkaller", 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, ./strace-static-x86_64: Process 6764 attached 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 6764] set_robust_list(0x55557616a6a0, 24 [pid 5872] rmdir("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6764] <... set_robust_list resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 6764] chdir("./76" [pid 6763] <... memfd_create resumed>) = 3 [pid 5872] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6763] <... mmap resumed>) = 0x7f7017800000 [pid 5872] newfstatat(AT_FDCWD, "./75/binderfs", [pid 6764] <... chdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6764] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] unlink("./75/binderfs" [pid 6764] <... prctl resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 6764] setpgid(0, 0 [pid 5872] getdents64(3, [pid 6764] <... setpgid resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 411.801171][ T5878] Bluetooth: hci2: command 0x0406 tx timeout [ 411.806632][ T5888] Bluetooth: hci0: command 0x0406 tx timeout [ 411.807803][ T5878] Bluetooth: hci3: command 0x0406 tx timeout [ 411.813278][ T5888] Bluetooth: hci1: command 0x0406 tx timeout [ 411.819620][ T5880] Bluetooth: hci4: command 0x0406 tx timeout [pid 5872] close(3 [pid 6764] <... openat resumed>) = 3 [pid 6761] <... mount resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 159 [pid 6764] write(3, "1000", 4 [pid 6761] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] rmdir("./75" [pid 6764] <... write resumed>) = 4 [pid 6761] <... openat resumed>) = 3 [pid 5872] <... rmdir resumed>) = 0 [pid 6764] close(3 [pid 6761] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5872] mkdir("./76", 0777 [pid 6764] <... close resumed>) = 0 [pid 6761] <... chdir resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6764] symlink("/dev/binderfs", "./binderfs" [pid 6761] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] ioctl(3, LOOP_CLR_FD [pid 6764] <... symlink resumed>) = 0 [pid 6761] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3executing program [pid 6764] write(1, "executing program\n", 18 [pid 6761] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... write resumed>) = 18 [pid 6761] <... futex resumed>) = 1 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6761] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6764] <... futex resumed>) = 0 [pid 6764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5870] <... umount2 resumed>) = 0 [pid 6764] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6764] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6764] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[160]}, 88) = 160 [pid 6764] rt_sigprocmask(SIG_SETMASK, [], [pid 6761] <... openat resumed>) = 4 [pid 5870] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6761] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6761] <... futex resumed>) = 1 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", ./strace-static-x86_64: Process 6765 attached [pid 6764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6763] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6761] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6765] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6764] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... rseq resumed>) = 0 [pid 6764] <... futex resumed>) = 0 [pid 6765] set_robust_list(0x7f701fd149a0, 24 [pid 6764] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6760] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6765] <... set_robust_list resumed>) = 0 [pid 6760] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... close resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6765] memfd_create("syzkaller", 0) = 3 [pid 6765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6761] <... openat resumed>) = 5 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6765] <... mmap resumed>) = 0x7f7017800000 [pid 6761] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", [pid 6761] <... futex resumed>) = 1 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6761] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6760] <... futex resumed>) = 0 [pid 6760] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(4, [pid 6761] <... write resumed>) = 1116 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6761] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(4, [pid 6761] <... futex resumed>) = 1 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6761] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] <... futex resumed>) = 0 [pid 5870] close(4 [pid 6760] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 6760] <... futex resumed>) = 1 [pid 6761] <... futex resumed>) = 0 [pid 6760] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] rmdir("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6761] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5870] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6766 attached [pid 6761] <... mmap resumed>) = 0x200000000000 [pid 5870] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 159 [pid 5870] newfstatat(AT_FDCWD, "./75/binderfs", [pid 6761] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./75/binderfs" [pid 6761] <... futex resumed>) = 1 [pid 6760] <... futex resumed>) = 0 [pid 6761] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6760] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... unlink resumed>) = 0 [pid 6760] <... futex resumed>) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6760] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] close(3 [pid 6761] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] <... close resumed>) = 0 [pid 6761] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("./75" [pid 6761] <... futex resumed>) = 1 [pid 5870] <... rmdir resumed>) = 0 [pid 6766] set_robust_list(0x55557616a6a0, 24 [pid 6761] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] <... futex resumed>) = 0 [pid 5870] mkdir("./76", 0777 [pid 6766] <... set_robust_list resumed>) = 0 [pid 6766] chdir("./76") = 0 [pid 6766] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] <... mkdir resumed>) = 0 [pid 6766] <... prctl resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6766] setpgid(0, 0) = 0 [pid 6766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6760] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 6760] <... futex resumed>) = 1 [pid 6761] <... futex resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 6761] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6760] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 6766] <... openat resumed>) = 3 [pid 6766] write(3, "1000", 4) = 4 [pid 6766] close(3) = 0 [pid 6766] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6766] write(1, "executing program\n", 18) = 18 [pid 6766] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6766] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6763] <... write resumed>) = 2097152 [pid 6766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[160]}, 88) = 160 [pid 6766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6763] munmap(0x7f7017800000, 138412032./strace-static-x86_64: Process 6767 attached [pid 6766] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6767] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6765] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6767] <... rseq resumed>) = 0 [pid 6767] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6767] memfd_create("syzkaller", 0 [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6767] <... memfd_create resumed>) = 3 [pid 6767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 ./strace-static-x86_64: Process 6768 attached [pid 6763] <... munmap resumed>) = 0 [pid 6768] set_robust_list(0x55557616a6a0, 24 [pid 6763] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 166 [pid 6768] <... set_robust_list resumed>) = 0 [pid 6763] <... openat resumed>) = 4 [pid 6768] chdir("./76") = 0 [pid 6768] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6763] ioctl(4, LOOP_SET_FD, 3 [pid 6768] <... prctl resumed>) = 0 [pid 6765] <... write resumed>) = 2097152 [pid 6768] setpgid(0, 0 [pid 6767] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6763] <... ioctl resumed>) = 0 [pid 6765] munmap(0x7f7017800000, 138412032 [pid 6768] <... setpgid resumed>) = 0 [pid 6768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6763] close(3 [pid 6768] <... openat resumed>) = 3 [pid 6763] <... close resumed>) = 0 [pid 6763] close(4 [pid 6768] write(3, "1000", 4) = 4 [pid 6763] <... close resumed>) = 0 [pid 6768] close(3 [pid 6763] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6768] <... close resumed>) = 0 [pid 6768] symlink("/dev/binderfs", "./binderfs" [pid 6763] <... mkdir resumed>) = 0 [pid 6768] <... symlink resumed>) = 0 [pid 6763] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6768] write(1, "executing program\n", 18executing program ) = 18 [pid 6768] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6765] <... munmap resumed>) = 0 [pid 6768] <... mmap resumed>) = 0x7f701fcf4000 [pid 6768] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6765] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6768] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6765] <... openat resumed>) = 4 [pid 6768] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [ 412.158209][ T6763] loop2: detected capacity change from 0 to 4096 [pid 6765] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6769 attached [pid 6768] <... clone3 resumed> => {parent_tid=[167]}, 88) = 167 [pid 6769] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6768] rt_sigprocmask(SIG_SETMASK, [], [pid 6769] <... rseq resumed>) = 0 [pid 6768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6769] set_robust_list(0x7f701fd149a0, 24 [pid 6768] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... set_robust_list resumed>) = 0 [pid 6768] <... futex resumed>) = 0 [pid 6769] rt_sigprocmask(SIG_SETMASK, [], [pid 6768] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6769] memfd_create("syzkaller", 0) = 3 [pid 6769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6767] <... write resumed>) = 2097152 [pid 6765] <... ioctl resumed>) = 0 [pid 6767] munmap(0x7f7017800000, 138412032 [pid 6765] close(3) = 0 [pid 6765] close(4) = 0 [ 412.213297][ T6765] loop3: detected capacity change from 0 to 4096 [pid 6765] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6765] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6767] <... munmap resumed>) = 0 [pid 6767] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6769] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6767] ioctl(4, LOOP_SET_FD, 3 [pid 6763] <... mount resumed>) = 0 [pid 6763] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6763] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6763] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6763] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6763] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... futex resumed>) = 0 [pid 6762] <... futex resumed>) = 1 [pid 6763] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6762] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] <... ioctl resumed>) = 0 [pid 6763] <... openat resumed>) = 4 [pid 6763] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] close(3 [pid 6763] <... futex resumed>) = 1 [pid 6763] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6767] <... close resumed>) = 0 [pid 6762] <... futex resumed>) = 0 [pid 6767] close(4 [pid 6762] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... close resumed>) = 0 [pid 6763] <... futex resumed>) = 0 [pid 6762] <... futex resumed>) = 1 [pid 6767] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6763] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6762] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] <... mkdir resumed>) = 0 [pid 6767] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6765] <... mount resumed>) = 0 [pid 6763] <... openat resumed>) = 5 [pid 6763] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [ 412.323200][ T6767] loop4: detected capacity change from 0 to 4096 [pid 6765] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6763] <... futex resumed>) = 1 [pid 6762] <... futex resumed>) = 0 [pid 6762] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] <... futex resumed>) = ? [pid 6763] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6763] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6763] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6763] <... futex resumed>) = 0 [pid 6762] <... futex resumed>) = 1 [pid 6765] <... chdir resumed>) = 0 [pid 6763] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6765] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6762] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... futex resumed>) = 0 [pid 6762] <... futex resumed>) = 1 [pid 6763] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6763] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6762] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6761] +++ killed by SIGSEGV (core dumped) +++ [pid 6760] +++ killed by SIGSEGV (core dumped) +++ [pid 6763] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=156, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6765] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6762] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... futex resumed>) = 0 [pid 6762] <... futex resumed>) = 1 [pid 5868] <... restart_syscall resumed>) = 0 [pid 6765] <... futex resumed>) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6763] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6762] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6764] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6764] <... futex resumed>) = 0 [pid 6763] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] <... futex resumed>) = 1 [pid 6762] <... futex resumed>) = 0 [pid 5868] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6763] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6762] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6762] <... futex resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6765] <... openat resumed>) = 4 [pid 6763] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6762] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... openat resumed>) = 3 [pid 6769] <... write resumed>) = 2097152 [pid 6765] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(3, "", [pid 6769] munmap(0x7f7017800000, 138412032 [pid 6765] <... futex resumed>) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6765] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6765] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6769] <... munmap resumed>) = 0 [pid 6765] <... openat resumed>) = 5 [pid 6769] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6765] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] ioctl(4, LOOP_SET_FD, 3 [pid 6765] <... futex resumed>) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6765] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... mount resumed>) = 0 [pid 6765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6764] <... futex resumed>) = 0 [pid 6767] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6764] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6767] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6765] <... write resumed>) = 1116 [pid 6767] <... chdir resumed>) = 0 [pid 6767] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6765] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6765] <... futex resumed>) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6765] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6767] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] <... mmap resumed>) = 0x200000000000 [pid 6764] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6765] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6764] <... futex resumed>) = 1 [pid 6765] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6764] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6766] <... futex resumed>) = 0 [pid 6765] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6766] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6766] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] <... futex resumed>) = 0 [pid 6765] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6765] <... futex resumed>) = 1 [pid 6769] <... ioctl resumed>) = 0 [pid 6765] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] close(3 [pid 6764] <... futex resumed>) = 0 [pid 6769] <... close resumed>) = 0 [pid 6764] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] close(4 [pid 6765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6769] <... close resumed>) = 0 [pid 6765] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6769] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 412.477607][ T6769] loop1: detected capacity change from 0 to 4096 [pid 6769] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6766] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6766] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 6766] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} [pid 6767] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6770 attached [pid 6766] <... clone3 resumed> => {parent_tid=[161]}, 88) = 161 [pid 6770] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 6766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6766] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... rseq resumed>) = 0 [pid 6766] <... futex resumed>) = 0 [pid 6770] set_robust_list(0x7f701fcf39a0, 24 [pid 6766] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] <... set_robust_list resumed>) = 0 [pid 6770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6770] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6770] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] <... futex resumed>) = 0 [pid 6766] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6766] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6770] <... futex resumed>) = 1 [pid 6770] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6767] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6770] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6766] <... futex resumed>) = 0 [pid 6770] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6766] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6766] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] <... futex resumed>) = 0 [pid 6767] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6767] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6766] <... futex resumed>) = 0 [pid 6767] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6766] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6766] <... futex resumed>) = 0 [pid 6767] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6766] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6767] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6767] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6766] <... futex resumed>) = 0 [pid 6767] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6766] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6769] <... mount resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6769] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5868] umount2("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6769] <... openat resumed>) = 3 [pid 6769] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6769] <... chdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6769] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6769] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 6769] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6769] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6768] <... futex resumed>) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 6768] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] getdents64(4, [pid 6769] <... openat resumed>) = 4 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x37\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6769] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 6768] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6768] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6769] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6769] <... openat resumed>) = 5 [pid 5868] unlink("./75/binderfs") = 0 [pid 6769] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6768] <... futex resumed>) = 0 [pid 5868] getdents64(3, [pid 6769] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6769] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6768] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6768] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] close(3) = 0 [pid 6769] <... write resumed>) = 1116 [pid 5868] rmdir("./75" [pid 6769] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6769] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] <... futex resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 6768] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = 0 [pid 6768] <... futex resumed>) = 1 [pid 5868] mkdir("./76", 0777 [pid 6768] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6769] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 5868] <... mkdir resumed>) = 0 [pid 6769] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6769] <... futex resumed>) = 1 [pid 6769] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6768] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6769] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6768] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6769] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6768] <... futex resumed>) = 0 [pid 6769] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6768] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... ioctl resumed>) = 0 [pid 6769] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] close(3 [pid 6769] <... futex resumed>) = 0 [pid 6768] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6762] <... futex resumed>) = ? [pid 6763] +++ killed by SIGSEGV (core dumped) +++ [pid 6762] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=158, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5869] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 158 ./strace-static-x86_64: Process 6771 attached [pid 6771] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6771] chdir("./76") = 0 [pid 6771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6771] setpgid(0, 0) = 0 [pid 6771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6771] write(3, "1000", 4 [pid 6764] <... futex resumed>) = ? [pid 6771] <... write resumed>) = 4 [pid 6765] +++ killed by SIGSEGV (core dumped) +++ [pid 6764] +++ killed by SIGSEGV (core dumped) +++ [pid 6771] close(3) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=159, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- [pid 6771] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6771] write(1, "executing program\n", 18) = 18 [pid 6771] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6771] <... futex resumed>) = 0 [pid 6771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6771] <... mmap resumed>) = 0x7f701fcf4000 [pid 6771] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 6771] <... mprotect resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6772 attached => {parent_tid=[159]}, 88) = 159 [pid 6772] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6771] rt_sigprocmask(SIG_SETMASK, [], [pid 6772] <... rseq resumed>) = 0 [pid 6771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6772] set_robust_list(0x7f701fd149a0, 24 [pid 6771] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] <... set_robust_list resumed>) = 0 [pid 6771] <... futex resumed>) = 0 [pid 6772] rt_sigprocmask(SIG_SETMASK, [], [pid 6771] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6772] memfd_create("syzkaller", 0 [pid 6766] <... futex resumed>) = ? [pid 6772] <... memfd_create resumed>) = 3 [pid 6770] <... futex resumed>) = ? [pid 6767] +++ killed by SIGSEGV (core dumped) +++ [pid 6772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6770] +++ killed by SIGSEGV (core dumped) +++ [pid 6766] +++ killed by SIGSEGV (core dumped) +++ [pid 6772] <... mmap resumed>) = 0x7f7017800000 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=159, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./76/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./76") = 0 [pid 5869] mkdir("./77", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 6772] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 5869] <... close resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 6772] <... write resumed>) = 2097152 [pid 5872] <... umount2 resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] <... close resumed>) = 0 ./strace-static-x86_64: Process 6773 attached [pid 6772] munmap(0x7f7017800000, 138412032 [pid 5871] rmdir("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 6773] set_robust_list(0x55557616a6a0, 24 [pid 5871] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 160 [pid 5871] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./76/binderfs" [pid 6773] <... set_robust_list resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... unlink resumed>) = 0 [pid 6773] chdir("./77" [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] getdents64(3, [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6773] <... chdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6773] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] close(3 [pid 6773] <... prctl resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... close resumed>) = 0 [pid 6773] setpgid(0, 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] rmdir("./76" [pid 6773] <... setpgid resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5871] <... rmdir resumed>) = 0 [pid 5872] newfstatat(4, "", [pid 6773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] mkdir("./77", 0777 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] <... mkdir resumed>) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... openat resumed>) = 3 [pid 6773] <... openat resumed>) = 3 [pid 5872] <... rmdir resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5872] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... ioctl resumed>) = 0 [pid 6773] write(3, "1000", 4 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] close(3 [pid 6773] <... write resumed>) = 4 [pid 5872] newfstatat(AT_FDCWD, "./76/binderfs", [pid 6773] close(3 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6773] <... close resumed>) = 0 [pid 5872] unlink("./76/binderfs" [pid 6773] symlink("/dev/binderfs", "./binderfs" [pid 5872] <... unlink resumed>) = 0 [pid 6773] <... symlink resumed>) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./76") = 0 [pid 5872] mkdir("./77", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWRexecuting program [pid 6773] write(1, "executing program\n", 18 [pid 6772] <... munmap resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6773] <... write resumed>) = 18 [pid 6773] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6773] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6773] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6773] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6774 attached => {parent_tid=[161]}, 88) = 161 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6773] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6774] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6773] <... futex resumed>) = 0 [pid 6774] set_robust_list(0x7f701fd149a0, 24 [pid 6773] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6774] <... set_robust_list resumed>) = 0 [pid 6774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] memfd_create("syzkaller", 0 [pid 6772] <... openat resumed>) = 4 [pid 6772] ioctl(4, LOOP_SET_FD, 3 [pid 6774] <... memfd_create resumed>) = 3 [pid 6774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6775 attached , child_tidptr=0x55557616a690) = 162 [pid 6775] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6775] chdir("./77" [pid 6772] <... ioctl resumed>) = 0 [pid 6775] <... chdir resumed>) = 0 [pid 6772] close(3 [pid 6775] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6772] <... close resumed>) = 0 [pid 6775] <... prctl resumed>) = 0 [pid 6772] close(4 [pid 6775] setpgid(0, 0 [pid 6772] <... close resumed>) = 0 [pid 6775] <... setpgid resumed>) = 0 [pid 6772] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6772] <... mkdir resumed>) = 0 [pid 6775] <... openat resumed>) = 3 [pid 6772] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6775] write(3, "1000", 4) = 4 [pid 6775] close(3) = 0 [pid 6775] symlink("/dev/binderfs", "./binderfs") = 0 executing program [ 413.226698][ T6772] loop0: detected capacity change from 0 to 4096 [pid 6775] write(1, "executing program\n", 18 [pid 6774] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6775] <... write resumed>) = 18 [pid 5871] <... close resumed>) = 0 [pid 6775] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... futex resumed>) = ? [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6775] <... futex resumed>) = 0 [pid 6775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6775] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6776 attached ) = 0 [pid 6776] set_robust_list(0x55557616a6a0, 24 [pid 6775] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6776] <... set_robust_list resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 161 [pid 6775] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6776] chdir("./77") = 0 [pid 6775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6776] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 6777 attached ) = 0 [pid 6776] setpgid(0, 0) = 0 [pid 6775] <... clone3 resumed> => {parent_tid=[163]}, 88) = 163 [pid 6777] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6775] rt_sigprocmask(SIG_SETMASK, [], [pid 6777] <... rseq resumed>) = 0 [pid 6775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6777] set_robust_list(0x7f701fd149a0, 24 [pid 6775] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... set_robust_list resumed>) = 0 [pid 6775] <... futex resumed>) = 0 [pid 6776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6769] +++ killed by SIGSEGV (core dumped) +++ [pid 6768] +++ killed by SIGSEGV (core dumped) +++ [pid 6776] write(3, "1000", 4) = 4 [pid 6777] rt_sigprocmask(SIG_SETMASK, [], [pid 6775] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=166, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 6777] memfd_create("syzkaller", 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 6777] <... memfd_create resumed>) = 3 [pid 6776] close(3 [pid 6777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6776] <... close resumed>) = 0 executing program [pid 6777] <... mmap resumed>) = 0x7f7017800000 [pid 6776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 6776] write(1, "executing program\n", 18) = 18 [pid 6776] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6776] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6776] <... mmap resumed>) = 0x7f701fcf4000 [pid 5870] <... openat resumed>) = 3 [pid 6776] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5870] newfstatat(3, "", [pid 6776] <... mprotect resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6776] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6776] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[162]}, 88) = 162 [pid 6776] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6778 attached NULL, 8) = 0 [pid 6778] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6778] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6774] <... write resumed>) = 2097152 [pid 6776] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] memfd_create("syzkaller", 0 [pid 6776] <... futex resumed>) = 0 [pid 6774] munmap(0x7f7017800000, 138412032 [pid 6776] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6778] <... memfd_create resumed>) = 3 [pid 6777] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6774] <... munmap resumed>) = 0 [pid 6778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6777] <... write resumed>) = 2097152 [pid 6777] munmap(0x7f7017800000, 138412032 [pid 6772] <... mount resumed>) = 0 [pid 6774] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6774] ioctl(4, LOOP_SET_FD, 3 [pid 6772] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6777] <... munmap resumed>) = 0 [pid 6772] <... openat resumed>) = 3 [pid 6772] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6772] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] <... ioctl resumed>) = 0 [pid 6774] close(3) = 0 [pid 6774] close(4 [pid 6777] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6771] <... futex resumed>) = 0 [pid 6774] <... close resumed>) = 0 [pid 6774] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6777] <... openat resumed>) = 4 [pid 6774] <... mkdir resumed>) = 0 [pid 6771] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6771] <... futex resumed>) = 1 [pid 6777] ioctl(4, LOOP_SET_FD, 3 [pid 6772] <... futex resumed>) = 0 [pid 6771] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6778] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6772] <... openat resumed>) = 4 [pid 6772] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] <... ioctl resumed>) = 0 [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] close(3) = 0 [pid 6771] <... futex resumed>) = 1 [pid 6777] close(4 [pid 6772] <... futex resumed>) = 0 [pid 6771] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] <... close resumed>) = 0 [pid 6777] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 413.446408][ T6774] loop2: detected capacity change from 0 to 4096 [ 413.470129][ T6777] loop4: detected capacity change from 0 to 4096 [pid 6772] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6777] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6772] <... openat resumed>) = 5 [pid 6772] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6771] <... futex resumed>) = 0 [pid 6771] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] <... futex resumed>) = 0 [pid 6771] <... futex resumed>) = 1 [pid 6772] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6771] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] <... write resumed>) = 1116 [pid 6772] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6772] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6771] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] <... futex resumed>) = 0 [pid 6771] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6772] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6772] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6771] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6772] <... futex resumed>) = 0 [pid 6771] <... futex resumed>) = 1 [pid 6771] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6772] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6772] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] <... futex resumed>) = 0 [pid 6772] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6771] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./76/binderfs") = 0 [pid 5870] getdents64(3, [pid 6774] <... mount resumed>) = 0 [pid 6774] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6774] <... openat resumed>) = 3 [pid 6774] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6774] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] close(3 [pid 6774] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... close resumed>) = 0 [pid 6774] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("./76" [pid 6778] <... write resumed>) = 2097152 [pid 6774] <... futex resumed>) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6773] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... rmdir resumed>) = 0 [pid 6774] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] mkdir("./77", 0777) = 0 [pid 6778] munmap(0x7f7017800000, 138412032 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 6774] <... openat resumed>) = 4 [pid 5870] close(3 [pid 6778] <... munmap resumed>) = 0 [pid 6774] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6778] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6778] ioctl(4, LOOP_SET_FD, 3 [pid 6773] <... futex resumed>) = 0 [pid 6773] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6774] <... futex resumed>) = 0 [pid 6774] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6773] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] <... openat resumed>) = 5 [pid 6774] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6773] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6774] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6773] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6774] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6773] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6774] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6774] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6773] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] <... ioctl resumed>) = 0 [pid 6777] <... mount resumed>) = 0 [pid 6778] close(3) = 0 [pid 6778] close(4) = 0 [pid 6777] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6778] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6777] <... openat resumed>) = 3 [pid 6778] <... mkdir resumed>) = 0 [pid 6777] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6777] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6778] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6777] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... close resumed>) = 0 [ 413.671529][ T6778] loop3: detected capacity change from 0 to 4096 [pid 6777] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6777] <... futex resumed>) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6777] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6775] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6775] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6779 attached [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 168 [pid 6779] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6779] chdir("./77") = 0 [pid 6779] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6777] <... openat resumed>) = 4 [pid 6779] <... prctl resumed>) = 0 [pid 6779] setpgid(0, 0) = 0 [pid 6779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6777] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] write(3, "1000", 4 [pid 6777] <... futex resumed>) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6779] <... write resumed>) = 4 [pid 6777] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6775] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] close(3 [pid 6775] <... futex resumed>) = 0 [pid 6779] <... close resumed>) = 0 [pid 6775] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6777] <... openat resumed>) = 5 executing program [pid 6779] write(1, "executing program\n", 18) = 18 [pid 6779] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6777] <... futex resumed>) = 1 [pid 6779] <... mmap resumed>) = 0x7f701fcf4000 [pid 6777] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] <... futex resumed>) = 0 [pid 6779] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] <... mprotect resumed>) = 0 [pid 6777] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6775] <... futex resumed>) = 0 [pid 6779] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6777] <... write resumed>) = 1116 [pid 6775] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6779] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6777] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6777] <... futex resumed>) = 1 [pid 6775] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6780 attached [pid 6777] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6775] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... mmap resumed>) = 0x200000000000 [pid 6775] <... futex resumed>) = 0 [pid 6779] <... clone3 resumed> => {parent_tid=[169]}, 88) = 169 [pid 6777] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6779] rt_sigprocmask(SIG_SETMASK, [], [pid 6777] <... futex resumed>) = 0 [pid 6775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6777] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6775] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6775] <... futex resumed>) = 0 [pid 6777] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6775] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6777] <... futex resumed>) = 0 [pid 6775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6780] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6779] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6777] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6775] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... rseq resumed>) = 0 [pid 6779] <... futex resumed>) = 0 [pid 6777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6775] <... futex resumed>) = 0 [pid 6780] set_robust_list(0x7f701fd149a0, 24 [pid 6779] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6777] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6775] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... set_robust_list resumed>) = 0 [pid 6780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6780] memfd_create("syzkaller", 0) = 3 [pid 6780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6780] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6778] <... mount resumed>) = 0 [pid 6778] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6778] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6778] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6778] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6778] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6776] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] <... openat resumed>) = 4 [pid 6778] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6771] <... futex resumed>) = ? [pid 6778] <... openat resumed>) = 5 [pid 6772] +++ killed by SIGSEGV (core dumped) +++ [pid 6771] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=158, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6778] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... restart_syscall resumed>) = 0 [pid 6778] <... futex resumed>) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6778] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6776] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... write resumed>) = 2097152 [pid 6778] <... write resumed>) = 1116 [pid 6776] <... futex resumed>) = 0 [pid 5868] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6780] munmap(0x7f7017800000, 138412032 [pid 6778] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6776] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6778] <... futex resumed>) = 0 [pid 6776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6778] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6776] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6776] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6778] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6776] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] newfstatat(3, "", [pid 6778] <... mmap resumed>) = 0x200000000000 [pid 6778] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6778] <... futex resumed>) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6778] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] getdents64(3, [pid 6776] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6778] <... futex resumed>) = 0 [pid 6776] <... futex resumed>) = 1 [pid 6778] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5868] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6778] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6776] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... munmap resumed>) = 0 [pid 6778] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6778] <... futex resumed>) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6776] <... futex resumed>) = 0 [pid 6780] <... openat resumed>) = 4 [pid 6780] ioctl(4, LOOP_SET_FD, 3 [pid 6773] <... futex resumed>) = ? [pid 6780] <... ioctl resumed>) = 0 [pid 6780] close(3) = 0 [pid 6780] close(4) = 0 [ 414.163250][ T6780] loop1: detected capacity change from 0 to 4096 [pid 6780] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6780] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6774] +++ killed by SIGSEGV (core dumped) +++ [pid 6773] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=160, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5869] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6775] <... futex resumed>) = ? [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6777] +++ killed by SIGSEGV (core dumped) +++ [pid 6775] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=162, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x37\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... rmdir resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... openat resumed>) = 3 [pid 5868] newfstatat(AT_FDCWD, "./76/binderfs", [pid 5872] newfstatat(3, "", [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] unlink("./76/binderfs" [pid 5872] getdents64(3, [pid 5868] <... unlink resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] getdents64(3, [pid 5872] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./76") = 0 [pid 5868] mkdir("./77", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6780] <... mount resumed>) = 0 [pid 6780] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5868] <... close resumed>) = 0 [pid 6780] <... openat resumed>) = 3 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6781 attached [pid 6780] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] <... umount2 resumed>) = 0 [pid 6781] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6781] chdir("./77") = 0 [pid 6781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6781] setpgid(0, 0) = 0 [pid 6781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 160 [pid 6780] <... chdir resumed>) = 0 [pid 6780] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6781] write(3, "1000", 4) = 4 [pid 6780] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6780] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] close(3) = 0 [pid 6781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6780] <... futex resumed>) = 1 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6780] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] <... futex resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", executing program [pid 6779] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6780] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6781] write(1, "executing program\n", 18) = 18 [pid 6781] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6781] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6782 attached [pid 5869] newfstatat(4, "", [pid 6781] <... clone3 resumed> => {parent_tid=[161]}, 88) = 161 [pid 6781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6781] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6782] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 6782] <... rseq resumed>) = 0 [pid 6780] <... openat resumed>) = 4 [pid 5869] close(4 [pid 6782] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] <... close resumed>) = 0 [pid 6782] memfd_create("syzkaller", 0 [pid 5869] rmdir("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6782] <... memfd_create resumed>) = 3 [pid 6782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6782] <... mmap resumed>) = 0x7f7017800000 [pid 5869] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6780] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(AT_FDCWD, "./77/binderfs", [pid 6780] <... futex resumed>) = 1 [pid 6780] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6779] <... futex resumed>) = 0 [pid 5869] unlink("./77/binderfs" [pid 6779] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6779] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... unlink resumed>) = 0 [pid 6780] <... futex resumed>) = 0 [pid 6780] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 6780] <... openat resumed>) = 5 [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./77" [pid 6780] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... rmdir resumed>) = 0 [pid 6780] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] <... futex resumed>) = 0 [pid 5869] mkdir("./78", 0777 [pid 6779] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6780] <... futex resumed>) = 0 [pid 6779] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... umount2 resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 6780] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6780] <... write resumed>) = 1116 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6780] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6778] +++ killed by SIGSEGV (core dumped) +++ [pid 6776] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... openat resumed>) = 3 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=161, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 6780] <... futex resumed>) = 1 [pid 6779] <... futex resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] close(3 [pid 6780] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6779] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6779] <... futex resumed>) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6780] <... mmap resumed>) = 0x200000000000 [pid 6779] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... openat resumed>) = 4 [pid 5871] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] newfstatat(4, "", [pid 6780] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5872] getdents64(4, [pid 5871] newfstatat(3, "", [pid 6780] <... futex resumed>) = 1 [pid 6779] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6779] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(4, [pid 6779] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6779] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./77/binderfs") = 0 [pid 6782] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6780] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5872] getdents64(3, [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6780] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] getdents64(3, [pid 6780] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] close(3 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6780] <... futex resumed>) = 1 [pid 6779] <... futex resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6780] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] rmdir("./77" [pid 6780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6779] <... futex resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 6780] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6779] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] mkdir("./78", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6783 attached , child_tidptr=0x55557616a690) = 162 [pid 6783] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... close resumed>) = 0 [pid 6783] <... set_robust_list resumed>) = 0 [pid 6783] chdir("./78") = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6783] setpgid(0, 0./strace-static-x86_64: Process 6784 attached ) = 0 [pid 6784] set_robust_list(0x55557616a6a0, 24 [pid 6783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6784] <... set_robust_list resumed>) = 0 [pid 6784] chdir("./78" [pid 6783] <... openat resumed>) = 3 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 164 [pid 6784] <... chdir resumed>) = 0 [pid 6784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6783] write(3, "1000", 4 [pid 6782] <... write resumed>) = 2097152 [pid 6783] <... write resumed>) = 4 [pid 6783] close(3) = 0 [pid 6784] setpgid(0, 0 [pid 6783] symlink("/dev/binderfs", "./binderfs" [pid 6784] <... setpgid resumed>) = 0 [pid 6783] <... symlink resumed>) = 0 executing program [pid 6784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6783] write(1, "executing program\n", 18) = 18 [pid 6784] <... openat resumed>) = 3 [pid 6783] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6784] write(3, "1000", 4 [pid 6783] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6784] <... write resumed>) = 4 [pid 6783] <... mprotect resumed>) = 0 [pid 6784] close(3 [pid 6783] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6784] <... close resumed>) = 0 [pid 6783] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6784] symlink("/dev/binderfs", "./binderfs" [pid 6783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6785 attached [pid 6784] <... symlink resumed>) = 0 [pid 6784] write(1, "executing program\n", 18 [pid 6783] <... clone3 resumed> => {parent_tid=[163]}, 88) = 163 executing program [pid 6784] <... write resumed>) = 18 [pid 6783] rt_sigprocmask(SIG_SETMASK, [], [pid 6782] munmap(0x7f7017800000, 138412032 [pid 6784] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6785] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6784] <... futex resumed>) = 0 [pid 6783] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] <... rseq resumed>) = 0 [pid 6784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6783] <... futex resumed>) = 0 [pid 6785] set_robust_list(0x7f701fd149a0, 24 [pid 6784] <... mmap resumed>) = 0x7f701fcf4000 [pid 6783] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6782] <... munmap resumed>) = 0 [pid 6785] <... set_robust_list resumed>) = 0 [pid 6784] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... umount2 resumed>) = 0 [pid 6784] <... mprotect resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6782] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6785] rt_sigprocmask(SIG_SETMASK, [], [pid 6784] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6782] <... openat resumed>) = 4 [pid 5871] <... openat resumed>) = 4 [pid 6785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6782] ioctl(4, LOOP_SET_FD, 3 [pid 5871] newfstatat(4, "", [pid 6785] memfd_create("syzkaller", 0 [pid 6784] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6786 attached [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 6786] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5871] close(4 [pid 6786] <... rseq resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6786] set_robust_list(0x7f701fd149a0, 24 [pid 5871] rmdir("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6786] <... set_robust_list resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 6786] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6786] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./77/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./77") = 0 [pid 5871] mkdir("./78", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6785] <... memfd_create resumed>) = 3 [pid 6785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6782] <... ioctl resumed>) = 0 [pid 6782] close(3) = 0 [pid 6782] close(4) = 0 [pid 6782] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6782] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6784] <... clone3 resumed> => {parent_tid=[165]}, 88) = 165 [pid 6784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6784] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6786] <... futex resumed>) = 0 [ 414.792978][ T6782] loop0: detected capacity change from 0 to 4096 [pid 6786] memfd_create("syzkaller", 0) = 3 [pid 5871] <... close resumed>) = 0 [pid 6786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 163 ./strace-static-x86_64: Process 6787 attached [pid 6787] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6787] chdir("./78") = 0 [pid 6787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6787] setpgid(0, 0) = 0 [pid 6785] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6787] write(3, "1000", 4 [pid 6786] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6787] <... write resumed>) = 4 [pid 6787] close(3 [pid 6785] <... write resumed>) = 2097152 [pid 6787] <... close resumed>) = 0 [pid 6787] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6787] write(1, "executing program\n", 18 [pid 6785] munmap(0x7f7017800000, 138412032 [pid 6787] <... write resumed>) = 18 [pid 6785] <... munmap resumed>) = 0 [pid 6787] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6787] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6787] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6787] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6788 attached => {parent_tid=[164]}, 88) = 164 [pid 6785] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6788] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6787] rt_sigprocmask(SIG_SETMASK, [], [pid 6785] <... openat resumed>) = 4 [pid 6788] <... rseq resumed>) = 0 [pid 6787] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6785] ioctl(4, LOOP_SET_FD, 3 [pid 6787] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] set_robust_list(0x7f701fd149a0, 24 [pid 6787] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6785] <... ioctl resumed>) = 0 [pid 6788] <... set_robust_list resumed>) = 0 [pid 6785] close(3 [pid 6788] rt_sigprocmask(SIG_SETMASK, [], [pid 6785] <... close resumed>) = 0 [pid 6788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6785] close(4 [pid 6788] memfd_create("syzkaller", 0 [pid 6785] <... close resumed>) = 0 [pid 6788] <... memfd_create resumed>) = 3 [pid 6785] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6785] <... mkdir resumed>) = 0 [pid 6788] <... mmap resumed>) = 0x7f7017800000 [ 414.969234][ T6785] loop2: detected capacity change from 0 to 4096 [pid 6785] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6786] <... write resumed>) = 2097152 [pid 6786] munmap(0x7f7017800000, 138412032) = 0 [pid 6779] <... futex resumed>) = ? [pid 6782] <... mount resumed>) = 0 [pid 6786] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6782] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6786] <... openat resumed>) = 4 [pid 6780] +++ killed by SIGSEGV (core dumped) +++ [pid 6782] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6779] +++ killed by SIGSEGV (core dumped) +++ [pid 6786] ioctl(4, LOOP_SET_FD, 3 [pid 6782] <... chdir resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=168, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 6788] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6782] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6782] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6782] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6782] <... futex resumed>) = 1 [pid 6781] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6782] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6781] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6781] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 6781] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6782] <... openat resumed>) = 4 [pid 6785] <... mount resumed>) = 0 [pid 6782] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] <... futex resumed>) = 0 [pid 6785] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6781] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... ioctl resumed>) = 0 [pid 6785] <... openat resumed>) = 3 [pid 6786] close(3 [pid 6785] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6781] <... futex resumed>) = 0 [ 415.072574][ T6786] loop4: detected capacity change from 0 to 4096 [pid 6786] <... close resumed>) = 0 [pid 6785] <... chdir resumed>) = 0 [pid 6782] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6781] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6785] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6786] close(4 [pid 6785] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6786] <... close resumed>) = 0 [pid 6786] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6785] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... mkdir resumed>) = 0 [pid 6785] <... futex resumed>) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6785] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6783] <... futex resumed>) = 0 [pid 6785] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6783] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] <... openat resumed>) = 5 [pid 6782] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6781] <... futex resumed>) = 0 [pid 6781] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] <... openat resumed>) = 4 [pid 6782] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6781] <... futex resumed>) = 0 [pid 6781] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] <... write resumed>) = 1116 [pid 6788] <... write resumed>) = 2097152 [pid 6782] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6782] <... futex resumed>) = 1 [pid 6783] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] <... futex resumed>) = 0 [pid 6781] <... futex resumed>) = 0 [pid 6785] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6788] munmap(0x7f7017800000, 138412032 [pid 6785] <... openat resumed>) = 5 [pid 6783] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6781] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6781] <... futex resumed>) = 0 [pid 6782] <... mmap resumed>) = 0x200000000000 [pid 6781] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6785] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6785] <... futex resumed>) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6782] <... futex resumed>) = 0 [pid 6781] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6781] <... futex resumed>) = 0 [pid 6785] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6783] <... futex resumed>) = 0 [pid 6782] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6781] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6788] <... munmap resumed>) = 0 [pid 6785] <... write resumed>) = 1116 [pid 6783] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6782] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6782] <... futex resumed>) = 0 [pid 6785] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6781] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] <... futex resumed>) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6785] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6783] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] <... mmap resumed>) = 0x200000000000 [pid 6783] <... futex resumed>) = 0 [pid 6783] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6785] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6785] <... futex resumed>) = 0 [pid 6783] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6783] <... futex resumed>) = 0 [pid 6785] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6783] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6785] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6783] <... futex resumed>) = 0 [pid 6785] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6783] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6788] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6788] ioctl(4, LOOP_SET_FD, 3 [pid 6785] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6788] <... ioctl resumed>) = 0 [pid 6788] close(3) = 0 [pid 6788] close(4) = 0 [ 415.204190][ T6788] loop3: detected capacity change from 0 to 4096 [pid 6788] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6788] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./77/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./77") = 0 [pid 5870] mkdir("./78", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6786] <... mount resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 6786] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 6786] <... openat resumed>) = 3 [pid 6786] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6786] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6786] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6786] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6786] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 6786] <... futex resumed>) = 1 [pid 6786] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6784] <... futex resumed>) = 1 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6786] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6784] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6786] <... openat resumed>) = 5 ./strace-static-x86_64: Process 6789 attached [pid 6789] set_robust_list(0x55557616a6a0, 24 [pid 6786] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6784] <... futex resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 170 [pid 6784] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... set_robust_list resumed>) = 0 [pid 6786] <... write resumed>) = 1116 [pid 6789] chdir("./78" [pid 6786] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... chdir resumed>) = 0 [pid 6789] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6786] <... futex resumed>) = 1 [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6784] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... prctl resumed>) = 0 [pid 6788] <... mount resumed>) = 0 [pid 6786] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6789] setpgid(0, 0 [pid 6786] <... mmap resumed>) = 0x200000000000 [pid 6789] <... setpgid resumed>) = 0 [pid 6786] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6786] <... futex resumed>) = 1 [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6784] <... futex resumed>) = 0 [pid 6788] <... openat resumed>) = 3 [pid 6784] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6788] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6786] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6788] <... chdir resumed>) = 0 [pid 6786] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6788] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6786] <... futex resumed>) = 1 [pid 6784] <... futex resumed>) = 0 [pid 6784] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6784] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6788] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... openat resumed>) = 3 [pid 6788] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6787] <... futex resumed>) = 0 [pid 6789] write(3, "1000", 4) = 4 [pid 6788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6787] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6787] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] close(3 [pid 6788] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6789] <... close resumed>) = 0 [pid 6789] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6789] write(1, "executing program\n", 18) = 18 [pid 6789] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] <... openat resumed>) = 4 [pid 6789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6789] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6788] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6788] <... futex resumed>) = 1 [pid 6787] <... futex resumed>) = 0 [pid 6787] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6787] <... futex resumed>) = 0 [pid 6787] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6783] <... futex resumed>) = ? ./strace-static-x86_64: Process 6790 attached [pid 6781] <... futex resumed>) = ? [pid 6790] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6789] <... clone3 resumed> => {parent_tid=[171]}, 88) = 171 [pid 6788] <... openat resumed>) = 5 [pid 6790] <... rseq resumed>) = 0 [pid 6789] rt_sigprocmask(SIG_SETMASK, [], [pid 6788] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] set_robust_list(0x7f701fd149a0, 24 [pid 6789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6788] <... futex resumed>) = 1 [pid 6787] <... futex resumed>) = 0 [pid 6790] <... set_robust_list resumed>) = 0 [pid 6789] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6787] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] rt_sigprocmask(SIG_SETMASK, [], [pid 6789] <... futex resumed>) = 0 [pid 6787] <... futex resumed>) = 0 [pid 6789] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6787] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6788] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6790] memfd_create("syzkaller", 0 [pid 6788] <... write resumed>) = 1116 [pid 6785] +++ killed by SIGSEGV (core dumped) +++ [pid 6783] +++ killed by SIGSEGV (core dumped) +++ [pid 6788] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=162, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 6790] <... memfd_create resumed>) = 3 [pid 6787] <... futex resumed>) = 0 [pid 6788] <... futex resumed>) = 1 [pid 6790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6787] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6787] <... futex resumed>) = 0 [pid 6790] <... mmap resumed>) = 0x7f7017800000 [pid 6787] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6782] +++ killed by SIGSEGV (core dumped) +++ [pid 6781] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=160, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6788] <... mmap resumed>) = 0x200000000000 [pid 5869] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] <... restart_syscall resumed>) = 0 [pid 6788] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(3, "", [pid 6788] <... futex resumed>) = 1 [pid 6787] <... futex resumed>) = 0 [pid 6787] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6787] <... futex resumed>) = 0 [pid 6788] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5869] getdents64(3, [pid 6787] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6788] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6788] <... futex resumed>) = 0 [pid 6787] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6788] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6787] <... futex resumed>) = 0 [pid 5868] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6790] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x37\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./77/binderfs") = 0 [pid 5868] getdents64(3, [pid 6790] <... write resumed>) = 2097152 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] rmdir("./77" [pid 5869] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... rmdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6790] munmap(0x7f7017800000, 138412032 [pid 5868] mkdir("./78", 0777 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] <... mkdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6790] <... munmap resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6790] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] <... openat resumed>) = 4 [pid 6790] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", [pid 6790] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6790] <... ioctl resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6790] close(3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6790] <... close resumed>) = 0 [pid 5869] unlink("./78/binderfs" [pid 6790] close(4) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6790] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] getdents64(3, [pid 6790] <... mkdir resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 6790] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./78") = 0 [pid 5869] mkdir("./79", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5868] <... close resumed>) = 0 [ 415.903294][ T6790] loop1: detected capacity change from 0 to 4096 [pid 5869] <... close resumed>) = 0 [pid 6784] <... futex resumed>) = ? [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6791 attached [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 162 [pid 6791] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6786] +++ killed by SIGSEGV (core dumped) +++ [pid 6784] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=164, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 6791] chdir("./78"./strace-static-x86_64: Process 6792 attached [pid 5872] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 164 [pid 6792] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6792] chdir("./79" [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6792] <... chdir resumed>) = 0 [pid 6792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6792] setpgid(0, 0) = 0 [pid 6792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6792] write(3, "1000", 4 [pid 5872] getdents64(3, [pid 6792] <... write resumed>) = 4 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6791] <... chdir resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6791] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 6792] close(3 [pid 6791] <... prctl resumed>) = 0 [pid 6792] <... close resumed>) = 0 [pid 6791] setpgid(0, 0 [pid 6792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6792] write(1, "executing program\n", 18) = 18 [pid 6792] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6792] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6793 attached [pid 6791] <... setpgid resumed>) = 0 [pid 6792] <... clone3 resumed> => {parent_tid=[165]}, 88) = 165 [pid 6792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6792] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6792] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6793] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6793] <... rseq resumed>) = 0 [pid 6793] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6791] <... openat resumed>) = 3 [pid 6793] memfd_create("syzkaller", 0 [pid 6791] write(3, "1000", 4 [pid 6793] <... memfd_create resumed>) = 3 [pid 6791] <... write resumed>) = 4 [pid 6793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6791] close(3 [pid 6793] <... mmap resumed>) = 0x7f7017800000 [pid 6791] <... close resumed>) = 0 [pid 6791] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6791] write(1, "executing program\n", 18) = 18 [pid 6791] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6791] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6788] +++ killed by SIGSEGV (core dumped) +++ [pid 6791] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6787] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=163, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 6791] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] <... restart_syscall resumed>) = 0 [pid 6791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6794 attached => {parent_tid=[163]}, 88) = 163 [pid 5871] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5871] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6791] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6790] <... mount resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 6794] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6790] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6790] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6790] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6790] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6790] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6789] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... rseq resumed>) = 0 [pid 6791] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6789] <... futex resumed>) = 0 [pid 5871] newfstatat(3, "", [pid 6794] set_robust_list(0x7f701fd149a0, 24 [pid 6789] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6794] <... set_robust_list resumed>) = 0 [pid 5871] getdents64(3, [pid 6794] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6794] memfd_create("syzkaller", 0 [pid 6793] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6790] <... openat resumed>) = 4 [pid 6794] <... memfd_create resumed>) = 3 [pid 6790] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6790] <... futex resumed>) = 1 [pid 6794] <... mmap resumed>) = 0x7f7017800000 [pid 6790] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6790] <... futex resumed>) = 0 [pid 6789] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6790] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... write resumed>) = 2097152 [pid 6790] <... futex resumed>) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6793] munmap(0x7f7017800000, 138412032 [pid 6789] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6789] <... futex resumed>) = 0 [pid 6790] <... write resumed>) = 1116 [pid 6789] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6789] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6789] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6794] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6793] <... munmap resumed>) = 0 [pid 6790] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6790] <... futex resumed>) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6790] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6789] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6789] <... futex resumed>) = 0 [pid 6793] ioctl(4, LOOP_SET_FD, 3 [pid 6790] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6790] <... futex resumed>) = 0 [pid 6789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6790] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6789] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = 0 [pid 6793] <... ioctl resumed>) = 0 [pid 6793] close(3) = 0 [pid 6793] close(4) = 0 [pid 5872] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6793] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6793] <... mkdir resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6793] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6794] <... write resumed>) = 2097152 [pid 6794] munmap(0x7f7017800000, 138412032 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./78/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./78") = 0 [ 416.229169][ T6793] loop2: detected capacity change from 0 to 4096 [pid 5872] mkdir("./79", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6794] <... munmap resumed>) = 0 [pid 6794] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] <... umount2 resumed>) = 0 [pid 6794] <... openat resumed>) = 4 [pid 5871] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6794] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... close resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./78/binderfs") = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6794] <... ioctl resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6794] close(3 [pid 5871] close(3 [pid 6794] <... close resumed>) = 0 [pid 6794] close(4 [pid 5871] <... close resumed>) = 0 [pid 6794] <... close resumed>) = 0 [pid 5871] rmdir("./78" [pid 6794] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 6794] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6793] <... mount resumed>) = 0 [pid 5871] mkdir("./79", 0777./strace-static-x86_64: Process 6795 attached [pid 6795] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6795] chdir("./79") = 0 [pid 6795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6795] setpgid(0, 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 166 [pid 6795] <... setpgid resumed>) = 0 [pid 6795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 416.333438][ T6794] loop0: detected capacity change from 0 to 4096 [pid 6795] write(3, "1000", 4 [pid 6793] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] <... mkdir resumed>) = 0 [pid 6793] <... openat resumed>) = 3 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6795] <... write resumed>) = 4 [pid 6795] close(3) = 0 [pid 5871] <... openat resumed>) = 3 [pid 6795] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6795] write(1, "executing program\n", 18 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 6795] <... write resumed>) = 18 [pid 6795] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... ioctl resumed>) = 0 [pid 6793] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6795] <... futex resumed>) = 0 [pid 6795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6793] <... chdir resumed>) = 0 [pid 5871] close(3 [pid 6793] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6795] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6796 attached [pid 6793] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6795] <... clone3 resumed> => {parent_tid=[167]}, 88) = 167 [pid 6796] <... rseq resumed>) = 0 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], [pid 6796] set_robust_list(0x7f701fd149a0, 24 [pid 6795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6796] <... set_robust_list resumed>) = 0 [pid 6795] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] rt_sigprocmask(SIG_SETMASK, [], [pid 6795] <... futex resumed>) = 0 [pid 6793] <... futex resumed>) = 1 [pid 6796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6795] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6793] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] memfd_create("syzkaller", 0 [pid 6793] <... futex resumed>) = 0 [pid 6792] <... futex resumed>) = 1 [pid 6796] <... memfd_create resumed>) = 3 [pid 6796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6793] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6792] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... mmap resumed>) = 0x7f7017800000 [pid 5871] <... close resumed>) = 0 [pid 6793] <... openat resumed>) = 4 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6797 attached [pid 6797] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 165 [pid 6797] <... set_robust_list resumed>) = 0 [pid 6797] chdir("./79" [pid 6793] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] <... chdir resumed>) = 0 [pid 6793] <... futex resumed>) = 0 [pid 6792] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6792] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6797] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6793] <... openat resumed>) = 5 [pid 6797] <... prctl resumed>) = 0 [pid 6793] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] setpgid(0, 0) = 0 [pid 6793] <... futex resumed>) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6792] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6793] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6792] <... futex resumed>) = 0 [pid 6797] <... openat resumed>) = 3 [pid 6793] <... write resumed>) = 1116 [pid 6792] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6793] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] write(3, "1000", 4 [pid 6793] <... futex resumed>) = 0 [pid 6792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6797] <... write resumed>) = 4 [pid 6793] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6792] <... futex resumed>) = 0 [pid 6797] close(3 [pid 6793] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6792] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6797] <... close resumed>) = 0 [pid 6793] <... mmap resumed>) = 0x200000000000 [pid 6797] symlink("/dev/binderfs", "./binderfs" [pid 6793] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] <... symlink resumed>) = 0 [pid 6793] <... futex resumed>) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6797] write(1, "executing program\n", 18 [pid 6793] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6792] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6797] <... write resumed>) = 18 [pid 6796] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6793] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6792] <... futex resumed>) = 0 [pid 6797] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6792] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6797] <... futex resumed>) = 0 [pid 6793] <... futex resumed>) = 0 [pid 6792] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6792] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6793] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6797] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6794] <... mount resumed>) = 0 [pid 6794] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6794] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6794] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6798 attached [pid 6797] <... clone3 resumed> => {parent_tid=[166]}, 88) = 166 [pid 6794] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6794] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6797] rt_sigprocmask(SIG_SETMASK, [], [pid 6798] <... rseq resumed>) = 0 [pid 6797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6794] <... futex resumed>) = 1 [pid 6797] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] set_robust_list(0x7f701fd149a0, 24 [pid 6794] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6791] <... futex resumed>) = 0 [pid 6794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6791] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6791] <... futex resumed>) = 0 [pid 6798] <... set_robust_list resumed>) = 0 [pid 6797] <... futex resumed>) = 0 [pid 6794] <... openat resumed>) = 4 [pid 6791] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] rt_sigprocmask(SIG_SETMASK, [], [pid 6797] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6794] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6794] <... futex resumed>) = 1 [pid 6791] <... futex resumed>) = 0 [pid 6794] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6791] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] memfd_create("syzkaller", 0 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] <... openat resumed>) = 5 [pid 6798] <... memfd_create resumed>) = 3 [pid 6794] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6794] <... futex resumed>) = 1 [pid 6791] <... futex resumed>) = 0 [pid 6798] <... mmap resumed>) = 0x7f7017800000 [pid 6791] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6791] <... futex resumed>) = 0 [pid 6794] <... write resumed>) = 1116 [pid 6791] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6791] <... futex resumed>) = 0 [pid 6794] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6791] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... mmap resumed>) = 0x200000000000 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... futex resumed>) = ? [pid 6794] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6794] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6794] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6796] <... write resumed>) = 2097152 [pid 6790] +++ killed by SIGSEGV (core dumped) +++ [pid 6789] +++ killed by SIGSEGV (core dumped) +++ [pid 6796] munmap(0x7f7017800000, 138412032 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=170, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 6796] <... munmap resumed>) = 0 [pid 5870] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6796] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6796] ioctl(4, LOOP_SET_FD, 3 [pid 6798] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6796] <... ioctl resumed>) = 0 [pid 6796] close(3) = 0 [pid 6796] close(4) = 0 [pid 6796] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 416.738497][ T6796] loop4: detected capacity change from 0 to 4096 [pid 6796] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6798] <... write resumed>) = 2097152 [pid 6798] munmap(0x7f7017800000, 138412032) = 0 [pid 6798] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... umount2 resumed>) = 0 [pid 6798] <... openat resumed>) = 4 [pid 5870] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6798] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6798] <... ioctl resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 6798] close(3) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6798] close(4 [pid 5870] getdents64(4, [pid 6798] <... close resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6798] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5870] getdents64(4, [pid 6798] <... mkdir resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4 [pid 6798] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./78/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./78") = 0 [pid 5870] mkdir("./79", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 416.920943][ T6798] loop3: detected capacity change from 0 to 4096 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3) = 0 [pid 6796] <... mount resumed>) = 0 [pid 6792] <... futex resumed>) = ? [pid 6796] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6796] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6793] +++ killed by SIGSEGV (core dumped) +++ [pid 6792] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6799 attached [pid 6796] <... chdir resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=164, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 6796] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 172 [pid 5869] <... restart_syscall resumed>) = 0 [pid 6796] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6791] <... futex resumed>) = ? [pid 5869] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6799] set_robust_list(0x55557616a6a0, 24 [pid 6796] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... set_robust_list resumed>) = 0 [pid 6796] <... futex resumed>) = 1 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6799] chdir("./79" [pid 6796] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6799] <... chdir resumed>) = 0 [pid 6799] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6795] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 6799] <... prctl resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 6799] setpgid(0, 0 [pid 6795] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6799] <... setpgid resumed>) = 0 [pid 6796] <... futex resumed>) = 0 [pid 6795] <... futex resumed>) = 1 [pid 5869] getdents64(3, [pid 6799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6796] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6795] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6799] <... openat resumed>) = 3 [pid 6794] +++ killed by SIGSEGV (core dumped) +++ [pid 6791] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=162, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 6799] write(3, "1000", 4 [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6799] <... write resumed>) = 4 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6799] close(3 [pid 6798] <... mount resumed>) = 0 [pid 6798] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6798] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6798] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6798] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... close resumed>) = 0 [pid 6799] symlink("/dev/binderfs", "./binderfs" [pid 6798] <... futex resumed>) = 1 [pid 6798] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6799] <... symlink resumed>) = 0 [pid 6799] write(1, "executing program\n", 18 [pid 6797] <... futex resumed>) = 0 [pid 6797] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6798] <... futex resumed>) = 0 [pid 6799] <... write resumed>) = 18 [pid 6797] <... futex resumed>) = 1 [pid 6798] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6799] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] <... futex resumed>) = 0 [pid 6799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6796] <... openat resumed>) = 4 [pid 6799] <... mmap resumed>) = 0x7f701fcf4000 [pid 6799] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6796] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... mprotect resumed>) = 0 [pid 6796] <... futex resumed>) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6796] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6795] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6798] <... openat resumed>) = 4 [pid 6796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6795] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6798] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6798] <... futex resumed>) = 1 [pid 6797] <... futex resumed>) = 0 [pid 6798] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6797] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6798] <... openat resumed>) = 5 [pid 6797] <... futex resumed>) = 0 [pid 6796] <... openat resumed>) = 5 [pid 6798] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6797] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6800 attached ) = -1 EAGAIN (Resource temporarily unavailable) [pid 6796] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6798] <... futex resumed>) = 0 [pid 6797] <... futex resumed>) = 1 [pid 6796] <... futex resumed>) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6799] <... clone3 resumed> => {parent_tid=[173]}, 88) = 173 [pid 6800] <... rseq resumed>) = 0 [pid 6799] rt_sigprocmask(SIG_SETMASK, [], [pid 6798] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6797] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6795] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... write resumed>) = 1116 [pid 6795] <... futex resumed>) = 0 [pid 6798] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] <... futex resumed>) = 0 [pid 6800] set_robust_list(0x7f701fd149a0, 24 [pid 6799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6798] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6796] <... write resumed>) = 1116 [pid 6799] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6796] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] <... set_robust_list resumed>) = 0 [pid 6797] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] rt_sigprocmask(SIG_SETMASK, [], [pid 6798] <... futex resumed>) = 0 [pid 6797] <... futex resumed>) = 1 [pid 6796] <... futex resumed>) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6798] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6795] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6798] <... mmap resumed>) = 0x200000000000 [pid 6797] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6798] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = 0 [pid 6800] memfd_create("syzkaller", 0 [pid 6798] <... futex resumed>) = 0 [pid 6795] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] <... memfd_create resumed>) = 3 [pid 6798] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6796] <... mmap resumed>) = 0x200000000000 [pid 6800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6797] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] <... futex resumed>) = 0 [pid 6800] <... mmap resumed>) = 0x7f7017800000 [pid 6798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6797] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] <... futex resumed>) = 0 [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6796] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6795] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6798] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = 0 [pid 6795] <... futex resumed>) = 1 [pid 6798] <... futex resumed>) = 1 [pid 6797] <... futex resumed>) = 0 [pid 6795] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6797] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6797] <... futex resumed>) = 0 [pid 6796] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6797] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6796] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6795] <... futex resumed>) = 0 [pid 6795] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6800] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] getdents64(4, [pid 5868] <... umount2 resumed>) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] getdents64(4, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] newfstatat(AT_FDCWD, "./79/binderfs", [pid 5868] <... openat resumed>) = 4 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] newfstatat(4, "", [pid 5869] unlink("./79/binderfs" [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5868] getdents64(4, [pid 5869] getdents64(3, [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] getdents64(4, [pid 5869] close(3 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] close(4) = 0 [pid 5869] rmdir("./79" [pid 5868] rmdir("\x2e\x2f\x37\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] mkdir("./80", 0777 [pid 5868] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... mkdir resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./78/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./78" [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... rmdir resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5868] mkdir("./79", 0777 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] <... mkdir resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] close(3 [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] <... close resumed>) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 6800] <... write resumed>) = 2097152 [pid 6800] munmap(0x7f7017800000, 138412032) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 166 [pid 6800] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6800] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6801 attached [pid 6801] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6801] chdir("./80") = 0 [pid 6801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6801] setpgid(0, 0) = 0 [pid 6801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6801] write(3, "1000", 4) = 4 [pid 6801] close(3) = 0 [pid 6801] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6801] write(1, "executing program\n", 18 [pid 5868] <... close resumed>) = 0 [pid 6801] <... write resumed>) = 18 [pid 6801] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6801] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6801] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6800] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6802 attached [pid 6800] close(3./strace-static-x86_64: Process 6803 attached [pid 6801] <... clone3 resumed> => {parent_tid=[167]}, 88) = 167 [pid 6800] <... close resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 164 [pid 6802] set_robust_list(0x55557616a6a0, 24 [pid 6801] rt_sigprocmask(SIG_SETMASK, [], [pid 6800] close(4 [pid 6803] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6800] <... close resumed>) = 0 [pid 6803] <... rseq resumed>) = 0 [pid 6801] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6803] set_robust_list(0x7f701fd149a0, 24 [pid 6801] <... futex resumed>) = 0 [pid 6800] <... mkdir resumed>) = 0 [pid 6803] <... set_robust_list resumed>) = 0 [pid 6801] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6800] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6802] <... set_robust_list resumed>) = 0 [ 417.482659][ T6800] loop1: detected capacity change from 0 to 4096 [pid 6802] chdir("./79" [pid 6803] memfd_create("syzkaller", 0) = 3 [pid 6803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6802] <... chdir resumed>) = 0 [pid 6802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6802] setpgid(0, 0) = 0 [pid 6802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6802] write(3, "1000", 4) = 4 [pid 6802] close(3) = 0 [pid 6802] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6802] write(1, "executing program\n", 18) = 18 [pid 6802] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6802] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6804 attached [pid 6804] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6802] <... clone3 resumed> => {parent_tid=[165]}, 88) = 165 [pid 6802] rt_sigprocmask(SIG_SETMASK, [], [pid 6804] <... rseq resumed>) = 0 [pid 6803] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6804] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6802] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6804] memfd_create("syzkaller", 0 [pid 6802] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6797] <... futex resumed>) = ? [pid 6804] <... memfd_create resumed>) = 3 [pid 6798] +++ killed by SIGSEGV (core dumped) +++ [pid 6804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6797] +++ killed by SIGSEGV (core dumped) +++ [pid 6804] <... mmap resumed>) = 0x7f7017800000 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=165, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 5871] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 6795] <... futex resumed>) = ? [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6800] <... mount resumed>) = 0 [pid 6804] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6800] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6800] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6800] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6800] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6799] <... futex resumed>) = 0 [pid 6799] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6796] +++ killed by SIGSEGV (core dumped) +++ [pid 6795] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=166, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [pid 6800] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... futex resumed>) = 0 [pid 6799] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] <... futex resumed>) = 1 [pid 6800] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5872] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6800] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6800] <... futex resumed>) = 1 [pid 6799] <... futex resumed>) = 0 [pid 6799] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6800] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... futex resumed>) = 0 [pid 6799] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] <... futex resumed>) = 1 [pid 6800] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5872] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, [pid 6800] <... mmap resumed>) = 0x200000000000 [pid 6800] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6799] <... futex resumed>) = 0 [pid 6799] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6799] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... write resumed>) = 2097152 [pid 6800] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6803] munmap(0x7f7017800000, 138412032 [pid 6800] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6804] <... write resumed>) = 2097152 [pid 6803] <... munmap resumed>) = 0 [pid 6800] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6804] munmap(0x7f7017800000, 138412032 [pid 6800] <... futex resumed>) = 1 [pid 6799] <... futex resumed>) = 0 [pid 6799] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6800] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6799] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6803] ioctl(4, LOOP_SET_FD, 3 [pid 6804] <... munmap resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 6803] <... ioctl resumed>) = 0 [pid 6803] close(3) = 0 [pid 6803] close(4) = 0 [pid 6803] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6803] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6804] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6804] <... openat resumed>) = 4 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6804] ioctl(4, LOOP_SET_FD, 3 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [ 417.795975][ T6803] loop2: detected capacity change from 0 to 4096 [ 417.834447][ T6804] loop0: detected capacity change from 0 to 4096 [pid 6804] <... ioctl resumed>) = 0 [pid 5871] close(4 [pid 6804] close(3 [pid 5871] <... close resumed>) = 0 [pid 6804] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 6804] close(4 [pid 5871] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6804] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6804] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5871] newfstatat(AT_FDCWD, "./79/binderfs", [pid 6804] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./79/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./79") = 0 [pid 5871] mkdir("./80", 0777 [pid 5872] <... umount2 resumed>) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6803] <... mount resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 6803] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] <... ioctl resumed>) = 0 [pid 6803] <... openat resumed>) = 3 [pid 5871] close(3 [pid 6803] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5872] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6803] <... chdir resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6803] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6803] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6803] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6803] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6801] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6801] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... openat resumed>) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 6803] <... openat resumed>) = 4 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6803] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 5872] close(4) = 0 [pid 6801] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] rmdir("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6801] <... futex resumed>) = 0 [pid 6801] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5872] <... rmdir resumed>) = 0 [pid 5872] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6803] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6803] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6801] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6803] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6801] <... futex resumed>) = 0 [pid 6803] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6801] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... write resumed>) = 1116 [pid 5872] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... close resumed>) = 0 [pid 6803] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6803] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] unlink("./79/binderfs" [pid 6801] <... futex resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 6801] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... futex resumed>) = 0 [pid 6801] <... futex resumed>) = 1 [pid 6803] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6801] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6801] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6801] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6803] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5872] getdents64(3, [pid 6803] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6803] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6801] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./79") = 0 [pid 5872] mkdir("./80", 0777 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6805 attached [pid 5872] <... mkdir resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 167 [pid 6805] set_robust_list(0x55557616a6a0, 24 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6805] <... set_robust_list resumed>) = 0 [pid 6804] <... mount resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 6805] chdir("./80" [pid 6804] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] ioctl(3, LOOP_CLR_FD [pid 6805] <... chdir resumed>) = 0 [pid 6805] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6804] <... openat resumed>) = 3 [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 6805] <... prctl resumed>) = 0 [pid 6804] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6805] setpgid(0, 0 [pid 6804] <... chdir resumed>) = 0 [pid 6804] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6805] <... setpgid resumed>) = 0 [pid 6804] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6804] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6804] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6805] <... openat resumed>) = 3 [pid 6802] <... futex resumed>) = 0 [pid 6802] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6804] <... futex resumed>) = 0 [pid 6805] write(3, "1000", 4 [pid 6804] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6802] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6805] <... write resumed>) = 4 [pid 6804] <... openat resumed>) = 4 [pid 5872] <... close resumed>) = 0 [pid 6805] close(3 [pid 6804] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... close resumed>) = 0 [pid 6804] <... futex resumed>) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6805] symlink("/dev/binderfs", "./binderfs" [pid 6804] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6802] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6802] <... futex resumed>) = 0 [pid 6802] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6806 attached [pid 6806] set_robust_list(0x55557616a6a0, 24 [pid 6805] <... symlink resumed>) = 0 [pid 6806] <... set_robust_list resumed>) = 0 [pid 6805] write(1, "executing program\n", 18 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 168 executing program [pid 6806] chdir("./80" [pid 6805] <... write resumed>) = 18 [pid 6806] <... chdir resumed>) = 0 [pid 6805] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6805] <... futex resumed>) = 0 [pid 6806] setpgid(0, 0 [pid 6805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6806] <... setpgid resumed>) = 0 [pid 6806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6805] <... mmap resumed>) = 0x7f701fcf4000 [pid 6804] <... openat resumed>) = 5 [pid 6804] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6802] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... openat resumed>) = 3 [pid 6805] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6804] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6802] <... futex resumed>) = 0 [pid 6802] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6806] write(3, "1000", 4 [pid 6804] <... write resumed>) = 1116 [pid 6806] <... write resumed>) = 4 [pid 6805] <... mprotect resumed>) = 0 [pid 6804] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6802] <... futex resumed>) = 0 [pid 6806] close(3 [pid 6805] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6804] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6802] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... close resumed>) = 0 [pid 6804] <... mmap resumed>) = 0x200000000000 [pid 6802] <... futex resumed>) = 0 [pid 6806] symlink("/dev/binderfs", "./binderfs" [pid 6804] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6806] <... symlink resumed>) = 0 [pid 6805] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6804] <... futex resumed>) = 0 [pid 6802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6806] write(1, "executing program\n", 18 [pid 6805] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6804] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6802] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6806] <... write resumed>) = 18 [pid 6804] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6802] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6807 attached [pid 6806] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... clone3 resumed> => {parent_tid=[168]}, 88) = 168 [pid 6804] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6806] <... futex resumed>) = 0 [pid 6805] rt_sigprocmask(SIG_SETMASK, [], [pid 6804] <... futex resumed>) = 0 [pid 6802] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6804] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6802] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... mmap resumed>) = 0x7f701fcf4000 [pid 6805] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6805] <... futex resumed>) = 0 [pid 6799] <... futex resumed>) = ? [pid 6806] <... mprotect resumed>) = 0 [pid 6805] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6807] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6806] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6807] <... rseq resumed>) = 0 [pid 6806] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6807] set_robust_list(0x7f701fd149a0, 24 [pid 6806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6808 attached [pid 6807] <... set_robust_list resumed>) = 0 [pid 6807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6807] memfd_create("syzkaller", 0 [pid 6806] <... clone3 resumed> => {parent_tid=[169]}, 88) = 169 [pid 6808] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6807] <... memfd_create resumed>) = 3 [pid 6808] <... rseq resumed>) = 0 [pid 6807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6808] set_robust_list(0x7f701fd149a0, 24 [pid 6807] <... mmap resumed>) = 0x7f7017800000 [pid 6806] rt_sigprocmask(SIG_SETMASK, [], [pid 6808] <... set_robust_list resumed>) = 0 [pid 6808] rt_sigprocmask(SIG_SETMASK, [], [pid 6806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6806] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] memfd_create("syzkaller", 0 [pid 6806] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6808] <... memfd_create resumed>) = 3 [pid 6808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6800] +++ killed by SIGSEGV (core dumped) +++ [pid 6799] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=172, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5870] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6807] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6808] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6807] <... write resumed>) = 2097152 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6807] munmap(0x7f7017800000, 138412032 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6807] <... munmap resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./79/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./79" [pid 6801] <... futex resumed>) = ? [pid 6807] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./80", 0777 [pid 6807] <... openat resumed>) = 4 [pid 5870] <... mkdir resumed>) = 0 [pid 6807] ioctl(4, LOOP_SET_FD, 3 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6808] <... write resumed>) = 2097152 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 6803] +++ killed by SIGSEGV (core dumped) +++ [pid 6801] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... ioctl resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=166, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 6808] munmap(0x7f7017800000, 138412032 [pid 5870] close(3 [pid 5869] <... restart_syscall resumed>) = 0 [pid 6808] <... munmap resumed>) = 0 [pid 5869] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6808] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6807] <... ioctl resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6808] <... openat resumed>) = 4 [pid 6807] close(3 [pid 5870] <... close resumed>) = 0 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 6808] ioctl(4, LOOP_SET_FD, 3 [pid 6807] <... close resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [ 418.424584][ T6807] loop3: detected capacity change from 0 to 4096 [pid 5869] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6807] close(4) = 0 [pid 6807] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6807] <... mkdir resumed>) = 0 [pid 6807] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 174 ./strace-static-x86_64: Process 6809 attached [pid 6809] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6809] chdir("./80") = 0 [pid 6809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6809] setpgid(0, 0) = 0 [pid 6809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6809] write(3, "1000", 4) = 4 [pid 6809] close(3) = 0 [pid 6809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6808] <... ioctl resumed>) = 0 executing program [pid 6809] write(1, "executing program\n", 18 [pid 6808] close(3 [pid 6809] <... write resumed>) = 18 [pid 6809] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... close resumed>) = 0 [pid 6809] <... futex resumed>) = 0 [pid 6808] close(4 [pid 6809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6808] <... close resumed>) = 0 [pid 6809] <... mmap resumed>) = 0x7f701fcf4000 [pid 6808] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 418.479329][ T6808] loop4: detected capacity change from 0 to 4096 [pid 6808] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6809] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6810 attached => {parent_tid=[175]}, 88) = 175 [pid 6809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6809] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6810] <... rseq resumed>) = 0 [pid 6810] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6810] memfd_create("syzkaller", 0) = 3 [pid 6810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6802] <... futex resumed>) = ? [pid 6804] +++ killed by SIGSEGV (core dumped) +++ [pid 6802] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=164, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6810] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6807] <... mount resumed>) = 0 [pid 6807] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6807] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6807] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6807] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6805] <... futex resumed>) = 0 [pid 6807] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6805] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6805] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... futex resumed>) = 0 [pid 6807] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6810] <... write resumed>) = 2097152 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6807] <... openat resumed>) = 4 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6807] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... openat resumed>) = 4 [pid 6807] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] newfstatat(4, "", [pid 6805] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6805] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(4, [pid 6807] <... futex resumed>) = 0 [pid 6805] <... futex resumed>) = 1 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6807] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6805] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] getdents64(4, [pid 6807] <... openat resumed>) = 5 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6807] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(4 [pid 6807] <... futex resumed>) = 1 [pid 6805] <... futex resumed>) = 0 [pid 6807] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6805] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 6807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6805] <... futex resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6805] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6810] munmap(0x7f7017800000, 138412032 [pid 5869] <... rmdir resumed>) = 0 [pid 6807] <... write resumed>) = 1116 [pid 6807] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6807] <... futex resumed>) = 1 [pid 6805] <... futex resumed>) = 0 [pid 6805] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6807] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6805] <... futex resumed>) = 0 [pid 6805] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] newfstatat(AT_FDCWD, "./80/binderfs", [pid 6807] <... mmap resumed>) = 0x200000000000 [pid 6807] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6808] <... mount resumed>) = 0 [pid 6808] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6808] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] unlink("./80/binderfs" [pid 5868] <... umount2 resumed>) = 0 [pid 6810] <... munmap resumed>) = 0 [pid 6808] <... chdir resumed>) = 0 [pid 6807] <... futex resumed>) = 0 [pid 6805] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... unlink resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6807] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6805] <... futex resumed>) = 0 [pid 5869] getdents64(3, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6808] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6807] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6805] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] close(3 [pid 6808] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] rmdir("./80" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6808] <... futex resumed>) = 1 [pid 6806] <... futex resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] mkdir("./81", 0777 [pid 6808] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6806] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 6806] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6808] <... openat resumed>) = 4 [pid 6807] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] newfstatat(4, "", [pid 6810] <... openat resumed>) = 4 [pid 6810] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6807] <... futex resumed>) = 1 [pid 6805] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5868] getdents64(4, [pid 6807] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6805] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6805] <... futex resumed>) = 0 [pid 6808] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6805] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... ioctl resumed>) = 0 [pid 5868] getdents64(4, [pid 6808] <... futex resumed>) = 1 [pid 6806] <... futex resumed>) = 0 [pid 6808] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6806] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... openat resumed>) = 5 [pid 6806] <... futex resumed>) = 0 [pid 5869] close(3 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6806] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(4 [pid 6808] <... futex resumed>) = 1 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6808] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 6808] <... futex resumed>) = 1 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6806] <... futex resumed>) = 0 [pid 6808] <... mmap resumed>) = 0x200000000000 [pid 6806] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] rmdir("\x2e\x2f\x37\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6808] <... futex resumed>) = 1 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6808] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] <... futex resumed>) = 1 [pid 6808] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [ 418.752100][ T6810] loop1: detected capacity change from 0 to 4096 [pid 6810] <... ioctl resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 6810] close(3 [pid 5869] <... close resumed>) = 0 [pid 5868] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6810] <... close resumed>) = 0 [pid 6810] close(4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6810] <... close resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./79/binderfs", [pid 6810] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6810] <... mkdir resumed>) = 0 [pid 5868] unlink("./79/binderfs" [pid 6810] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./79") = 0 [pid 5868] mkdir("./80", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] close(3./strace-static-x86_64: Process 6811 attached [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 168 [pid 6811] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6811] chdir("./81") = 0 [pid 6811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6811] setpgid(0, 0) = 0 executing program [pid 6811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6811] write(3, "1000", 4) = 4 [pid 6811] close(3) = 0 [pid 6811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6811] write(1, "executing program\n", 18) = 18 [pid 6811] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6811] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5868] <... close resumed>) = 0 [pid 6811] <... mprotect resumed>) = 0 [pid 6811] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6811] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6812 attached => {parent_tid=[169]}, 88) = 169 [pid 6812] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6811] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6812] set_robust_list(0x7f701fd149a0, 24 [pid 6811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6811] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6811] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6812] <... set_robust_list resumed>) = 0 [pid 6812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6813 attached [pid 6812] memfd_create("syzkaller", 0 [pid 6813] set_robust_list(0x55557616a6a0, 24 [pid 6812] <... memfd_create resumed>) = 3 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 166 [pid 6813] <... set_robust_list resumed>) = 0 [pid 6813] chdir("./80" [pid 6812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6813] <... chdir resumed>) = 0 [pid 6813] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6812] <... mmap resumed>) = 0x7f7017800000 [pid 6813] <... prctl resumed>) = 0 [pid 6813] setpgid(0, 0) = 0 [pid 6813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6810] <... mount resumed>) = 0 [pid 6810] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6810] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6810] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6810] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... openat resumed>) = 3 [pid 6810] <... futex resumed>) = 1 [pid 6810] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] write(3, "1000", 4 [pid 6810] <... futex resumed>) = 0 [pid 6809] <... futex resumed>) = 1 [pid 6810] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6813] <... write resumed>) = 4 [pid 6809] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] close(3) = 0 [pid 6813] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6813] write(1, "executing program\n", 18 [pid 6810] <... openat resumed>) = 4 [pid 6813] <... write resumed>) = 18 [pid 6813] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6810] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6809] <... futex resumed>) = 0 [pid 6813] <... futex resumed>) = 0 [pid 6813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6809] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6813] <... mmap resumed>) = 0x7f701fcf4000 [pid 6810] <... futex resumed>) = 0 [pid 6809] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6813] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6810] <... openat resumed>) = 5 [pid 6810] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6809] <... futex resumed>) = 0 [pid 6810] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] <... mprotect resumed>) = 0 [pid 6809] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6809] <... futex resumed>) = 1 [pid 6810] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6813] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6809] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6809] <... futex resumed>) = 0 [pid 6810] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6809] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... futex resumed>) = 0 [pid 6809] <... futex resumed>) = 1 [pid 6813] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6810] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6809] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... mmap resumed>) = 0x200000000000 [pid 6810] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6810] <... futex resumed>) = 1 [pid 6809] <... futex resumed>) = 0 [pid 6810] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6809] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6809] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6814 attached [pid 6809] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6812] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6810] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6814] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6813] <... clone3 resumed> => {parent_tid=[167]}, 88) = 167 [pid 6810] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... rseq resumed>) = 0 [pid 6813] rt_sigprocmask(SIG_SETMASK, [], [pid 6810] <... futex resumed>) = 1 [pid 6809] <... futex resumed>) = 0 [pid 6814] set_robust_list(0x7f701fd149a0, 24 [pid 6813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6810] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6809] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... futex resumed>) = 0 [pid 6814] <... set_robust_list resumed>) = 0 [pid 6813] <... futex resumed>) = 0 [pid 6814] rt_sigprocmask(SIG_SETMASK, [], [pid 6813] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6814] memfd_create("syzkaller", 0) = 3 [pid 6814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6806] <... futex resumed>) = ? [pid 6812] <... write resumed>) = 2097152 [pid 6812] munmap(0x7f7017800000, 138412032 [pid 6805] <... futex resumed>) = ? [pid 6808] +++ killed by SIGSEGV (core dumped) +++ [pid 6806] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=168, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6812] <... munmap resumed>) = 0 [pid 6807] +++ killed by SIGSEGV (core dumped) +++ [pid 6805] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=167, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5872] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 6812] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... openat resumed>) = 3 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5872] newfstatat(3, "", [pid 6812] <... openat resumed>) = 4 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6812] ioctl(4, LOOP_SET_FD, 3 [pid 5872] getdents64(3, [pid 5871] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6814] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6812] <... ioctl resumed>) = 0 [ 419.185290][ T6812] loop2: detected capacity change from 0 to 4096 [pid 6812] close(3) = 0 [pid 6812] close(4) = 0 [pid 6812] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6812] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6814] <... write resumed>) = 2097152 [pid 6814] munmap(0x7f7017800000, 138412032) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 6814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6814] close(3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6814] <... close resumed>) = 0 [pid 6810] +++ killed by SIGSEGV (core dumped) +++ [pid 6809] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6814] close(4 [pid 5872] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=174, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [pid 6814] <... close resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 419.319448][ T6814] loop0: detected capacity change from 0 to 4096 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6814] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5871] <... openat resumed>) = 4 [pid 6814] <... mkdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] newfstatat(4, "", [pid 5870] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] getdents64(4, [pid 6814] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... openat resumed>) = 3 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] newfstatat(3, "", [pid 5872] <... openat resumed>) = 4 [pid 5871] getdents64(4, [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] getdents64(3, [pid 5872] newfstatat(4, "", [pid 5871] close(4 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... close resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] rmdir("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [pid 5871] <... rmdir resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] close(4 [pid 5871] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5871] unlink("./80/binderfs" [pid 5872] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... unlink resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5871] getdents64(3, [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] unlink("./80/binderfs") = 0 [pid 5872] getdents64(3, [pid 5871] close(3 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] <... close resumed>) = 0 [pid 5872] close(3 [pid 5871] rmdir("./80" [pid 5872] <... close resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5872] rmdir("./80" [pid 5871] mkdir("./81", 0777 [pid 5872] <... rmdir resumed>) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5872] mkdir("./81", 0777 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] <... mkdir resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 6812] <... mount resumed>) = 0 [pid 5872] close(3 [pid 6812] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6812] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6812] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] <... close resumed>) = 0 [pid 6812] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6812] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6811] <... futex resumed>) = 0 [pid 6812] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6811] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] <... futex resumed>) = 0 [pid 6811] <... futex resumed>) = 1 [pid 6812] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6811] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6816 attached ./strace-static-x86_64: Process 6815 attached [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 169 [pid 6815] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6815] chdir("./81" [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 170 [pid 6816] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6816] chdir("./81" [pid 6815] <... chdir resumed>) = 0 [pid 6815] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6816] <... chdir resumed>) = 0 [pid 6815] <... prctl resumed>) = 0 [pid 6816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6816] setpgid(0, 0) = 0 [pid 6815] setpgid(0, 0 [pid 6811] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6811] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6811] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] <... openat resumed>) = 3 [pid 6815] <... setpgid resumed>) = 0 [pid 6811] <... futex resumed>) = 0 [pid 6811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 6811] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE [pid 6815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6811] <... mprotect resumed>) = 0 [pid 6816] write(3, "1000", 4 [pid 6815] <... openat resumed>) = 3 [pid 6812] <... openat resumed>) = 4 [pid 6811] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6816] <... write resumed>) = 4 [pid 6815] write(3, "1000", 4 [pid 6812] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6816] close(3 [pid 6815] <... write resumed>) = 4 [pid 6812] <... futex resumed>) = 0 [pid 6811] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0}./strace-static-x86_64: Process 6817 attached [pid 6816] <... close resumed>) = 0 [pid 6815] close(3 [pid 6812] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6817] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 6816] symlink("/dev/binderfs", "./binderfs" [pid 6815] <... close resumed>) = 0 [pid 6814] <... mount resumed>) = 0 [pid 6811] <... clone3 resumed> => {parent_tid=[170]}, 88) = 170 [pid 5870] <... umount2 resumed>) = 0 [pid 6815] symlink("/dev/binderfs", "./binderfs"executing program [pid 6816] <... symlink resumed>) = 0 [pid 6815] <... symlink resumed>) = 0 [pid 6814] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6811] rt_sigprocmask(SIG_SETMASK, [], [pid 6816] write(1, "executing program\n", 18 [pid 6814] <... openat resumed>) = 3 [pid 6811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] <... write resumed>) = 18 [pid 6814] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6811] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... chdir resumed>) = 0 [pid 6811] <... futex resumed>) = 0 executing program [pid 6815] write(1, "executing program\n", 18 [pid 6816] <... futex resumed>) = 0 [pid 6815] <... write resumed>) = 18 [pid 6814] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6811] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6815] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6817] <... rseq resumed>) = 0 [pid 6816] <... mmap resumed>) = 0x7f701fcf4000 [pid 6815] <... futex resumed>) = 0 [pid 6814] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] set_robust_list(0x7f701fcf39a0, 24 [pid 6816] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6814] <... futex resumed>) = 1 [pid 6817] <... set_robust_list resumed>) = 0 [pid 6816] <... mprotect resumed>) = 0 [pid 6815] <... mmap resumed>) = 0x7f701fcf4000 [pid 6814] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] <... futex resumed>) = 0 [pid 6817] rt_sigprocmask(SIG_SETMASK, [], [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6815] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6813] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... futex resumed>) = 0 [pid 6813] <... futex resumed>) = 1 [pid 6814] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6815] <... mprotect resumed>) = 0 [pid 6813] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6815] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6817] <... openat resumed>) = 5 [pid 6816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6815] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6814] <... openat resumed>) = 4 [pid 6815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", ./strace-static-x86_64: Process 6818 attached [pid 6815] <... clone3 resumed> => {parent_tid=[170]}, 88) = 170 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6819 attached [pid 6816] <... clone3 resumed> => {parent_tid=[171]}, 88) = 171 [pid 5870] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6816] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6819] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6819] <... rseq resumed>) = 0 [pid 6816] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 4 [pid 6819] set_robust_list(0x7f701fd149a0, 24 [pid 6816] <... futex resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 6819] <... set_robust_list resumed>) = 0 [pid 6816] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6819] rt_sigprocmask(SIG_SETMASK, [], [pid 6818] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6817] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] rt_sigprocmask(SIG_SETMASK, [], [pid 6814] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(4, [pid 6819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6818] <... rseq resumed>) = 0 [pid 6817] <... futex resumed>) = 1 [pid 6811] <... futex resumed>) = 0 [pid 6819] memfd_create("syzkaller", 0 [pid 6818] set_robust_list(0x7f701fd149a0, 24 [pid 6817] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6814] <... futex resumed>) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6811] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6815] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] <... futex resumed>) = 0 [pid 6811] <... futex resumed>) = 1 [pid 5870] getdents64(4, [pid 6818] <... set_robust_list resumed>) = 0 [pid 6815] <... futex resumed>) = 0 [pid 6814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] <... futex resumed>) = 0 [pid 6812] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6811] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6819] <... memfd_create resumed>) = 3 [pid 6818] rt_sigprocmask(SIG_SETMASK, [], [pid 6815] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6814] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6813] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6812] <... write resumed>) = 1116 [pid 5870] close(4 [pid 6819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6812] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 6819] <... mmap resumed>) = 0x7f7017800000 [pid 6814] <... openat resumed>) = 5 [pid 6812] <... futex resumed>) = 1 [pid 6811] <... futex resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6818] memfd_create("syzkaller", 0 [pid 6812] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6818] <... memfd_create resumed>) = 3 [pid 6814] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6811] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rmdir resumed>) = 0 [pid 6818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6814] <... futex resumed>) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6812] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6811] <... futex resumed>) = 0 [pid 5870] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6818] <... mmap resumed>) = 0x7f7017800000 [pid 6814] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] <... mmap resumed>) = 0x200000000000 [pid 6811] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] <... futex resumed>) = 0 [pid 6812] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] newfstatat(AT_FDCWD, "./80/binderfs", [pid 6814] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6813] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6812] <... futex resumed>) = 0 [pid 6811] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6814] <... write resumed>) = 1116 [pid 6812] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6811] <... futex resumed>) = 0 [pid 5870] unlink("./80/binderfs" [pid 6814] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6811] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... unlink resumed>) = 0 [pid 6814] <... futex resumed>) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6812] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] getdents64(3, [pid 6814] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] <... futex resumed>) = 0 [pid 6811] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] <... futex resumed>) = 0 [pid 6812] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6811] <... futex resumed>) = ? [pid 5870] close(3 [pid 6814] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6813] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 6814] <... mmap resumed>) = 0x200000000000 [pid 6814] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("./80") = 0 [pid 5870] mkdir("./81", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 6814] <... futex resumed>) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6813] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6819] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6818] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6814] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6813] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5870] <... close resumed>) = 0 [pid 6814] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6813] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6814] <... futex resumed>) = 1 [pid 6813] <... futex resumed>) = 0 [pid 6814] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6820 attached , child_tidptr=0x55557616a690) = 176 [pid 6820] set_robust_list(0x55557616a6a0, 24 [pid 6818] <... write resumed>) = 2097152 [pid 6820] <... set_robust_list resumed>) = 0 [pid 6820] chdir("./81") = 0 [pid 6820] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6818] munmap(0x7f7017800000, 138412032 [pid 6820] <... prctl resumed>) = 0 [pid 6820] setpgid(0, 0) = 0 [pid 6820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6819] <... write resumed>) = 2097152 [pid 6820] <... openat resumed>) = 3 [pid 6820] write(3, "1000", 4 [pid 6819] munmap(0x7f7017800000, 138412032 [pid 6818] <... munmap resumed>) = 0 [pid 6820] <... write resumed>) = 4 executing program [pid 6819] <... munmap resumed>) = 0 [pid 6820] close(3 [pid 6818] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6820] <... close resumed>) = 0 [pid 6820] symlink("/dev/binderfs", "./binderfs" [pid 6818] <... openat resumed>) = 4 [pid 6820] <... symlink resumed>) = 0 [pid 6818] ioctl(4, LOOP_SET_FD, 3 [pid 6820] write(1, "executing program\n", 18) = 18 [pid 6819] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6819] ioctl(4, LOOP_SET_FD, 3 [pid 6820] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6818] <... ioctl resumed>) = 0 [pid 6820] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6818] close(3) = 0 [pid 6818] close(4) = 0 [pid 6818] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6820] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6818] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6820] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6821 attached => {parent_tid=[177]}, 88) = 177 [pid 6820] rt_sigprocmask(SIG_SETMASK, [], [pid 6819] <... ioctl resumed>) = 0 [pid 6820] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6819] close(3 [pid 6821] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6820] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... rseq resumed>) = 0 [pid 6820] <... futex resumed>) = 0 [pid 6821] set_robust_list(0x7f701fd149a0, 24 [pid 6820] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6819] <... close resumed>) = 0 [pid 6821] <... set_robust_list resumed>) = 0 [pid 6819] close(4 [pid 6821] rt_sigprocmask(SIG_SETMASK, [], [pid 6819] <... close resumed>) = 0 [pid 6821] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6819] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [ 419.833687][ T6818] loop3: detected capacity change from 0 to 4096 [ 419.836808][ T6819] loop4: detected capacity change from 0 to 4096 [pid 6821] memfd_create("syzkaller", 0 [pid 6819] <... mkdir resumed>) = 0 [pid 6821] <... memfd_create resumed>) = 3 [pid 6819] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6814] +++ killed by SIGSEGV (core dumped) +++ [pid 6813] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=166, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5868] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6817] <... futex resumed>) = ? [pid 6817] +++ killed by SIGSEGV (core dumped) +++ [pid 6821] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6812] +++ killed by SIGSEGV (core dumped) +++ [pid 6811] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=168, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6818] <... mount resumed>) = 0 [pid 6818] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6818] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", [pid 6818] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6818] <... chdir resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6818] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6818] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6818] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6815] <... futex resumed>) = 0 [pid 6815] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6821] <... write resumed>) = 2097152 [pid 6819] <... mount resumed>) = 0 [pid 6818] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6819] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6821] munmap(0x7f7017800000, 138412032 [pid 6819] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5868] <... umount2 resumed>) = 0 [pid 6821] <... munmap resumed>) = 0 [pid 6819] <... chdir resumed>) = 0 [pid 6818] <... openat resumed>) = 4 [pid 5868] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6819] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x38\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6818] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] unlink("./80/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./80") = 0 [pid 5868] mkdir("./81", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6819] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6818] <... futex resumed>) = 1 [pid 6815] <... futex resumed>) = 0 [pid 6821] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6819] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6815] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6821] <... openat resumed>) = 4 [pid 6819] <... futex resumed>) = 1 [pid 6819] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] ioctl(4, LOOP_SET_FD, 3 [pid 6818] <... openat resumed>) = 5 [pid 6816] <... futex resumed>) = 0 [pid 6821] <... ioctl resumed>) = 0 [pid 6816] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] <... futex resumed>) = 1 [pid 6819] <... futex resumed>) = 0 [pid 6818] <... futex resumed>) = 1 [pid 6816] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] <... futex resumed>) = 0 [pid 6819] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6815] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] <... openat resumed>) = 4 [pid 6818] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6821] close(3 [pid 6819] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] <... write resumed>) = 1116 [pid 6819] <... futex resumed>) = 1 [pid 6818] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] <... futex resumed>) = 0 [pid 6821] <... close resumed>) = 0 [pid 6819] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6818] <... futex resumed>) = 1 [pid 6816] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... futex resumed>) = 0 [pid 6821] close(4 [pid 6819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6818] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] <... futex resumed>) = 0 [pid 6815] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6815] <... futex resumed>) = 0 [pid 6819] <... openat resumed>) = 5 [pid 6818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6816] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6818] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6819] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... close resumed>) = 0 [pid 6819] <... futex resumed>) = 1 [pid 6818] <... mmap resumed>) = 0x200000000000 [pid 6816] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6821] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6818] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... mkdir resumed>) = 0 [pid 6819] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6818] <... futex resumed>) = 1 [pid 6816] <... futex resumed>) = 0 [pid 6815] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 6821] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6818] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6815] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6815] <... futex resumed>) = 0 [pid 6818] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6815] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] <... write resumed>) = 1116 [pid 6818] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6819] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6818] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6822 attached [pid 6819] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6818] <... futex resumed>) = 1 [pid 6816] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... futex resumed>) = 0 [pid 6819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6815] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6815] <... futex resumed>) = 0 [pid 6819] <... mmap resumed>) = 0x200000000000 [ 420.157477][ T6821] loop1: detected capacity change from 0 to 4096 [pid 6815] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] set_robust_list(0x55557616a6a0, 24 [pid 6819] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6816] <... futex resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6819] <... futex resumed>) = 0 [pid 6816] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6816] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 168 [pid 6819] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6819] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6819] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6822] <... set_robust_list resumed>) = 0 [pid 6816] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6822] chdir("./81" [pid 5869] <... openat resumed>) = 4 [pid 6822] <... chdir resumed>) = 0 [pid 6816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6822] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6816] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6822] <... prctl resumed>) = 0 [pid 6819] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [pid 6822] setpgid(0, 0 [pid 6819] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5869] getdents64(4, [pid 6822] <... setpgid resumed>) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 6822] <... openat resumed>) = 3 [pid 5869] close(4 [pid 6822] write(3, "1000", 4) = 4 [pid 5869] <... close resumed>) = 0 [pid 6822] close(3) = 0 [pid 5869] rmdir("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6822] write(1, "executing program\n", 18executing program ) = 18 [pid 6822] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6822] <... futex resumed>) = 0 [pid 6822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6822] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] newfstatat(AT_FDCWD, "./81/binderfs", [pid 6822] <... mprotect resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6822] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] unlink("./81/binderfs" [pid 6822] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] getdents64(3, ./strace-static-x86_64: Process 6823 attached 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6823] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6822] <... clone3 resumed> => {parent_tid=[169]}, 88) = 169 [pid 5869] close(3) = 0 [pid 6822] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] rmdir("./81" [pid 6823] <... rseq resumed>) = 0 [pid 6823] set_robust_list(0x7f701fd149a0, 24 [pid 6822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6823] <... set_robust_list resumed>) = 0 [pid 6823] rt_sigprocmask(SIG_SETMASK, [], [pid 6822] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] mkdir("./82", 0777 [pid 6823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 6823] memfd_create("syzkaller", 0 [pid 6822] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6823] <... memfd_create resumed>) = 3 [pid 6822] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... openat resumed>) = 3 [pid 6823] <... mmap resumed>) = 0x7f7017800000 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 6821] <... mount resumed>) = 0 [pid 6821] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] <... close resumed>) = 0 [pid 6821] <... openat resumed>) = 3 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6821] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 171 ./strace-static-x86_64: Process 6824 attached [pid 6823] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6821] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6824] set_robust_list(0x55557616a6a0, 24 [pid 6821] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] <... set_robust_list resumed>) = 0 [pid 6821] <... futex resumed>) = 1 [pid 6820] <... futex resumed>) = 0 [pid 6821] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6820] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] chdir("./82" [pid 6821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6821] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6820] <... futex resumed>) = 0 [pid 6824] <... chdir resumed>) = 0 [pid 6820] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6824] setpgid(0, 0) = 0 [pid 6824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6821] <... openat resumed>) = 4 [pid 6824] write(3, "1000", 4 [pid 6821] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] <... write resumed>) = 4 [pid 6821] <... futex resumed>) = 1 [pid 6820] <... futex resumed>) = 0 [pid 6824] close(3 [pid 6821] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6820] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] <... close resumed>) = 0 [pid 6820] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6824] symlink("/dev/binderfs", "./binderfs" [pid 6821] <... openat resumed>) = 5 [pid 6824] <... symlink resumed>) = 0 [pid 6821] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] write(1, "executing program\n", 18 [pid 6821] <... futex resumed>) = 1 [pid 6820] <... futex resumed>) = 0 [pid 6820] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6820] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 6824] <... write resumed>) = 18 [pid 6821] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6824] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... write resumed>) = 1116 [pid 6824] <... futex resumed>) = 0 [pid 6821] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6821] <... futex resumed>) = 1 [pid 6820] <... futex resumed>) = 0 [pid 6821] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6824] <... mmap resumed>) = 0x7f701fcf4000 [pid 6820] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... futex resumed>) = 0 [pid 6820] <... futex resumed>) = 1 [pid 6824] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6821] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6820] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6824] <... mprotect resumed>) = 0 [pid 6821] <... mmap resumed>) = 0x200000000000 [pid 6824] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6821] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6821] <... futex resumed>) = 1 [pid 6820] <... futex resumed>) = 0 [pid 6820] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}./strace-static-x86_64: Process 6825 attached [pid 6824] <... clone3 resumed> => {parent_tid=[172]}, 88) = 172 [pid 6825] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6824] rt_sigprocmask(SIG_SETMASK, [], [pid 6821] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6820] <... futex resumed>) = 0 [pid 6825] <... rseq resumed>) = 0 [pid 6824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6821] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6821] <... futex resumed>) = 0 [pid 6820] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6824] <... futex resumed>) = 0 [pid 6821] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6825] rt_sigprocmask(SIG_SETMASK, [], [pid 6824] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6820] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6821] <... futex resumed>) = 0 [pid 6820] <... futex resumed>) = 1 [pid 6821] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6820] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] memfd_create("syzkaller", 0) = 3 [pid 6823] <... write resumed>) = 2097152 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6823] munmap(0x7f7017800000, 138412032 [pid 6825] <... mmap resumed>) = 0x7f7017800000 [pid 6823] <... munmap resumed>) = 0 [pid 6815] <... futex resumed>) = ? [pid 6823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6818] +++ killed by SIGSEGV (core dumped) +++ [pid 6815] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=169, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5871] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", [pid 6823] close(3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6823] <... close resumed>) = 0 [pid 6823] close(4) = 0 [pid 6823] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6825] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [ 420.569024][ T6823] loop0: detected capacity change from 0 to 4096 [pid 6823] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6825] <... write resumed>) = 2097152 [pid 6825] munmap(0x7f7017800000, 138412032) = 0 [pid 6825] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6819] +++ killed by SIGSEGV (core dumped) +++ [pid 6816] +++ killed by SIGSEGV (core dumped) +++ [pid 6825] close(3 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=170, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6825] <... close resumed>) = 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 6825] close(4 [pid 5872] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6825] <... close resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6825] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", [pid 6825] <... mkdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6825] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] getdents64(3, [pid 6823] <... mount resumed>) = 0 [pid 6823] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6823] <... openat resumed>) = 3 [ 420.700642][ T6825] loop2: detected capacity change from 0 to 4096 [pid 5872] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6823] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5871] <... umount2 resumed>) = 0 [pid 6823] <... chdir resumed>) = 0 [pid 6823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6823] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] <... openat resumed>) = 4 [pid 5871] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6823] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./81/binderfs") = 0 [pid 6823] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6822] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] <... futex resumed>) = ? [pid 6822] <... futex resumed>) = 0 [pid 6823] <... openat resumed>) = 5 [pid 6822] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6821] +++ killed by SIGSEGV (core dumped) +++ [pid 6820] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] getdents64(3, [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=176, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6823] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6823] <... futex resumed>) = 1 [pid 6822] <... futex resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 6822] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] rmdir("./81" [pid 6822] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... rmdir resumed>) = 0 [pid 5871] mkdir("./82", 0777) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6823] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5870] newfstatat(3, "", [pid 5871] <... ioctl resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] close(3 [pid 5870] getdents64(3, [pid 6823] <... write resumed>) = 1116 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6823] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6823] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6823] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6822] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6823] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6822] <... futex resumed>) = 0 [pid 6823] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6823] <... futex resumed>) = 0 [pid 6822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6823] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6822] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6826 attached [pid 6825] <... mount resumed>) = 0 [pid 6826] set_robust_list(0x55557616a6a0, 24 [pid 6825] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6826] <... set_robust_list resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 171 [pid 6825] <... openat resumed>) = 3 [pid 6826] chdir("./82" [pid 6825] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6826] <... chdir resumed>) = 0 [pid 6825] <... chdir resumed>) = 0 [pid 6826] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6825] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6826] <... prctl resumed>) = 0 [pid 6826] setpgid(0, 0 [pid 6825] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] <... umount2 resumed>) = 0 [pid 6826] <... setpgid resumed>) = 0 [pid 6825] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6825] <... futex resumed>) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6826] <... openat resumed>) = 3 [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6825] <... openat resumed>) = 4 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6826] write(3, "1000", 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./81/binderfs", [pid 6826] <... write resumed>) = 4 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./81/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./81") = 0 [pid 6826] close(3 [pid 6825] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] mkdir("./82", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6826] <... close resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6826] symlink("/dev/binderfs", "./binderfs" [pid 6825] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6824] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6826] <... symlink resumed>) = 0 [pid 6825] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6824] <... futex resumed>) = 0 executing program [pid 6826] write(1, "executing program\n", 18 [pid 6825] <... openat resumed>) = 5 [pid 6824] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = 0 [pid 6826] <... write resumed>) = 18 [pid 6825] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6826] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6824] <... futex resumed>) = 0 [pid 6825] <... write resumed>) = 1116 [pid 6824] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6826] <... futex resumed>) = 0 [pid 6825] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] newfstatat(4, "", [pid 6826] <... mmap resumed>) = 0x7f701fcf4000 [pid 6825] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6824] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6826] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6825] <... mmap resumed>) = 0x200000000000 [pid 6824] <... futex resumed>) = 0 [pid 5870] getdents64(4, [pid 6826] <... mprotect resumed>) = 0 [pid 6825] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, [pid 5872] <... close resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 6824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6825] <... futex resumed>) = 0 [pid 6824] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6825] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6824] <... futex resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6825] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6824] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] unlink("./81/binderfs" [pid 6826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6825] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... unlink resumed>) = 0 [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] getdents64(3, [pid 6825] <... futex resumed>) = 1 [pid 6824] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 6824] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6828 attached ./strace-static-x86_64: Process 6827 attached [pid 6825] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6824] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 172 [pid 5870] rmdir("./81") = 0 [pid 6828] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6826] <... clone3 resumed> => {parent_tid=[172]}, 88) = 172 [pid 5870] mkdir("./82", 0777) = 0 [pid 6827] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6827] chdir("./82" [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 6828] <... rseq resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_SETMASK, [], [pid 6827] <... chdir resumed>) = 0 [pid 6828] set_robust_list(0x7f701fd149a0, 24 [pid 6827] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6828] <... set_robust_list resumed>) = 0 [pid 6828] rt_sigprocmask(SIG_SETMASK, [], [pid 6827] <... prctl resumed>) = 0 [pid 6826] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] setpgid(0, 0) = 0 [pid 6827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6827] write(3, "1000", 4) = 4 [pid 6827] close(3 [pid 6828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6827] <... close resumed>) = 0 executing program [pid 6826] <... futex resumed>) = 0 [pid 6827] symlink("/dev/binderfs", "./binderfs" [pid 6826] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6827] <... symlink resumed>) = 0 [pid 6827] write(1, "executing program\n", 18) = 18 [pid 6827] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6828] memfd_create("syzkaller", 0 [pid 6827] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6828] <... memfd_create resumed>) = 3 [pid 6827] <... mprotect resumed>) = 0 [pid 6827] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6827] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6829 attached [pid 6828] <... mmap resumed>) = 0x7f7017800000 [pid 6827] <... clone3 resumed> => {parent_tid=[173]}, 88) = 173 [pid 6827] rt_sigprocmask(SIG_SETMASK, [], [pid 6829] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6829] <... rseq resumed>) = 0 [pid 6827] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6829] set_robust_list(0x7f701fd149a0, 24 [pid 5870] <... close resumed>) = 0 [pid 6829] <... set_robust_list resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6830 attached , child_tidptr=0x55557616a690) = 178 [pid 6829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6830] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6830] chdir("./82") = 0 [pid 6830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6830] setpgid(0, 0) = 0 [pid 6830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6830] write(3, "1000", 4) = 4 [pid 6830] close(3executing program ) = 0 [pid 6829] memfd_create("syzkaller", 0 [pid 6830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6830] write(1, "executing program\n", 18) = 18 [pid 6830] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6830] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6830] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6829] <... memfd_create resumed>) = 3 [pid 6829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6830] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6831 attached => {parent_tid=[179]}, 88) = 179 [pid 6830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6830] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6830] <... futex resumed>) = 0 [pid 6830] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6831] <... rseq resumed>) = 0 [pid 6831] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6831] rt_sigprocmask(SIG_SETMASK, [], [pid 6828] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6831] memfd_create("syzkaller", 0) = 3 [pid 6831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6822] <... futex resumed>) = ? [pid 6829] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6823] +++ killed by SIGSEGV (core dumped) +++ [pid 6822] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=168, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 6828] <... write resumed>) = 2097152 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6828] munmap(0x7f7017800000, 138412032 [pid 5868] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6828] <... munmap resumed>) = 0 [pid 6829] <... write resumed>) = 2097152 [pid 6828] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6829] munmap(0x7f7017800000, 138412032 [pid 6828] <... openat resumed>) = 4 [pid 6831] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6829] <... munmap resumed>) = 0 [pid 6828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6829] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6828] close(3 [pid 6829] <... openat resumed>) = 4 [pid 6828] <... close resumed>) = 0 [pid 6829] ioctl(4, LOOP_SET_FD, 3 [pid 6828] close(4) = 0 [pid 6828] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6829] <... ioctl resumed>) = 0 [pid 6828] <... mkdir resumed>) = 0 [pid 6829] close(3 [pid 6828] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6829] <... close resumed>) = 0 [pid 6829] close(4) = 0 [pid 6829] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6831] <... write resumed>) = 2097152 [pid 6829] <... mkdir resumed>) = 0 [pid 6831] munmap(0x7f7017800000, 138412032 [pid 6829] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6831] <... munmap resumed>) = 0 [pid 6831] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 421.317729][ T6828] loop3: detected capacity change from 0 to 4096 [ 421.341123][ T6829] loop4: detected capacity change from 0 to 4096 [pid 6831] ioctl(4, LOOP_SET_FD, 3 [pid 6825] +++ killed by SIGSEGV (core dumped) +++ [pid 6824] +++ killed by SIGSEGV (core dumped) +++ [pid 6831] <... ioctl resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=171, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6831] close(3) = 0 [pid 6831] close(4) = 0 [pid 6831] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 421.392538][ T6831] loop1: detected capacity change from 0 to 4096 [pid 5868] <... umount2 resumed>) = 0 [pid 6831] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x38\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./81/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./81") = 0 [pid 5868] mkdir("./82", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6829] <... mount resumed>) = 0 [pid 6829] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6829] <... openat resumed>) = 3 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... close resumed>) = 0 [pid 6829] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", [pid 6829] <... chdir resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6829] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] getdents64(4, [pid 6829] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6829] <... futex resumed>) = 1 [pid 6827] <... futex resumed>) = 0 [pid 5869] getdents64(4, [pid 6829] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6827] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(4 [pid 6829] <... futex resumed>) = 0 [pid 6828] <... mount resumed>) = 0 [pid 6827] <... futex resumed>) = 1 [pid 5869] <... close resumed>) = 0 [pid 6829] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] rmdir("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38"./strace-static-x86_64: Process 6832 attached [pid 6828] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6827] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] <... openat resumed>) = 3 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 170 [pid 6832] set_robust_list(0x55557616a6a0, 24 [pid 6829] <... openat resumed>) = 4 [pid 5869] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6832] <... set_robust_list resumed>) = 0 [pid 6828] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6832] chdir("./82" [pid 6828] <... chdir resumed>) = 0 [pid 6832] <... chdir resumed>) = 0 [pid 6828] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6832] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6828] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6832] <... prctl resumed>) = 0 [pid 6828] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6832] setpgid(0, 0 [pid 6828] <... futex resumed>) = 1 [pid 6826] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6832] <... setpgid resumed>) = 0 [pid 6828] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6832] write(3, "1000", 4 [pid 6826] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6832] <... write resumed>) = 4 [pid 5869] newfstatat(AT_FDCWD, "./82/binderfs", [pid 6832] close(3) = 0 [pid 6832] symlink("/dev/binderfs", "./binderfs" [pid 6828] <... futex resumed>) = 0 [pid 6826] <... futex resumed>) = 1 [pid 6832] <... symlink resumed>) = 0 [pid 6829] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6832] write(1, "executing program\n", 18 [pid 6829] <... futex resumed>) = 1 [pid 6827] <... futex resumed>) = 0 [pid 6826] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 5869] unlink("./82/binderfs" [pid 6832] <... write resumed>) = 18 [pid 6827] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6832] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6827] <... futex resumed>) = 0 [pid 6832] <... mmap resumed>) = 0x7f701fcf4000 [pid 6827] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] getdents64(3, [pid 6832] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6833 attached [pid 6829] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6832] <... clone3 resumed> => {parent_tid=[171]}, 88) = 171 [pid 6833] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6832] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] close(3 [pid 6833] <... rseq resumed>) = 0 [pid 6832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... close resumed>) = 0 [pid 6833] set_robust_list(0x7f701fd149a0, 24 [pid 6832] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... set_robust_list resumed>) = 0 [pid 6832] <... futex resumed>) = 0 [pid 6833] rt_sigprocmask(SIG_SETMASK, [], [pid 6832] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6829] <... openat resumed>) = 5 [pid 5869] rmdir("./82" [pid 6833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6833] memfd_create("syzkaller", 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6833] <... memfd_create resumed>) = 3 [pid 5869] mkdir("./83", 0777 [pid 6833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6829] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... mkdir resumed>) = 0 [pid 6831] <... mount resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6828] <... openat resumed>) = 4 [pid 6827] <... futex resumed>) = 0 [pid 6826] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6831] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6829] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6827] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6829] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6827] <... futex resumed>) = 0 [pid 6826] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 6831] <... openat resumed>) = 3 [pid 6831] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6829] <... write resumed>) = 1116 [pid 6827] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6831] <... chdir resumed>) = 0 [pid 6829] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6826] <... mmap resumed>) = 0x7f701fcd3000 [pid 5869] <... ioctl resumed>) = 0 [pid 6829] <... futex resumed>) = 0 [pid 6827] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6826] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE [pid 5869] close(3 [pid 6829] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6827] <... futex resumed>) = 0 [pid 6831] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6829] <... mmap resumed>) = 0x200000000000 [pid 6828] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6826] <... mprotect resumed>) = 0 [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6829] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6828] <... futex resumed>) = 0 [pid 6827] <... futex resumed>) = 0 [pid 6826] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6827] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} [pid 6831] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] <... futex resumed>) = 0 [pid 6831] <... futex resumed>) = 1 [pid 6830] <... futex resumed>) = 0 [pid 6829] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6828] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6827] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6830] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6834 attached [pid 6831] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6830] <... futex resumed>) = 0 [pid 6826] <... clone3 resumed> => {parent_tid=[173]}, 88) = 173 [pid 6830] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 6831] <... openat resumed>) = 4 [pid 6829] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] rt_sigprocmask(SIG_SETMASK, [], [pid 6834] <... rseq resumed>) = 0 [pid 6829] <... futex resumed>) = 1 [pid 6827] <... futex resumed>) = 0 [pid 6826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6827] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] set_robust_list(0x7f701fcf39a0, 24 [pid 6829] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6826] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] <... futex resumed>) = 0 [pid 6834] <... set_robust_list resumed>) = 0 [pid 6826] <... futex resumed>) = 0 [pid 6826] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] rt_sigprocmask(SIG_SETMASK, [], [pid 6831] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 6834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6831] <... futex resumed>) = 1 [pid 6830] <... futex resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6834] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6831] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6830] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... openat resumed>) = 5 [pid 6831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6830] <... futex resumed>) = 0 [pid 6834] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6830] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] <... futex resumed>) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6834] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... futex resumed>) = 0 [pid 6826] <... futex resumed>) = 1 [pid 6828] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6828] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6835 attached [pid 6833] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6831] <... openat resumed>) = 5 [pid 6828] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6826] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6831] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] set_robust_list(0x55557616a6a0, 24 [pid 6831] <... futex resumed>) = 1 [pid 6830] <... futex resumed>) = 0 [pid 6826] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 173 [pid 6835] <... set_robust_list resumed>) = 0 [pid 6831] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6830] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... futex resumed>) = 0 [pid 6826] <... futex resumed>) = 1 [pid 6831] <... write resumed>) = 1116 [pid 6828] <... futex resumed>) = 0 [pid 6826] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6830] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] chdir("./83" [pid 6828] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6831] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... mmap resumed>) = 0x200000000000 [pid 6828] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6831] <... futex resumed>) = 1 [pid 6830] <... futex resumed>) = 0 [pid 6835] <... chdir resumed>) = 0 [pid 6826] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6831] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6830] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6826] <... futex resumed>) = 0 [pid 6830] <... futex resumed>) = 0 [pid 6826] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6831] <... mmap resumed>) = 0x200000000000 [pid 6830] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6835] <... prctl resumed>) = 0 [pid 6835] setpgid(0, 0 [pid 6831] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... setpgid resumed>) = 0 [pid 6835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6831] <... futex resumed>) = 1 [pid 6830] <... futex resumed>) = 0 [pid 6828] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... openat resumed>) = 3 [pid 6831] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6830] <... futex resumed>) = 0 [pid 6828] <... futex resumed>) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6831] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6830] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6826] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] write(3, "1000", 4 [pid 6831] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... write resumed>) = 4 [pid 6831] <... futex resumed>) = 1 [pid 6830] <... futex resumed>) = 0 [pid 6835] close(3 [pid 6830] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... close resumed>) = 0 [pid 6831] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6830] <... futex resumed>) = 0 [pid 6830] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6835] write(1, "executing program\n", 18executing program [pid 6833] <... write resumed>) = 2097152 [pid 6835] <... write resumed>) = 18 [pid 6835] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] munmap(0x7f7017800000, 138412032 [pid 6835] <... futex resumed>) = 0 [pid 6835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6835] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6833] <... munmap resumed>) = 0 [pid 6835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6833] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6836 attached [pid 6836] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6835] <... clone3 resumed> => {parent_tid=[174]}, 88) = 174 [pid 6836] <... rseq resumed>) = 0 [pid 6835] rt_sigprocmask(SIG_SETMASK, [], [pid 6836] set_robust_list(0x7f701fd149a0, 24 [pid 6835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6836] <... set_robust_list resumed>) = 0 [pid 6835] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] rt_sigprocmask(SIG_SETMASK, [], [pid 6835] <... futex resumed>) = 0 [pid 6833] <... openat resumed>) = 4 [pid 6836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6836] memfd_create("syzkaller", 0 [pid 6835] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6833] ioctl(4, LOOP_SET_FD, 3 [pid 6836] <... memfd_create resumed>) = 3 [pid 6836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6833] <... ioctl resumed>) = 0 [pid 6833] close(3) = 0 [pid 6833] close(4) = 0 [pid 6833] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6833] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6829] +++ killed by SIGSEGV (core dumped) +++ [pid 6827] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=172, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [ 421.877461][ T6833] loop0: detected capacity change from 0 to 4096 [pid 5872] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6836] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6836] munmap(0x7f7017800000, 138412032) = 0 [pid 6836] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6836] close(3) = 0 [pid 6836] close(4) = 0 [pid 6836] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 422.023790][ T6836] loop2: detected capacity change from 0 to 4096 [pid 6836] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6833] <... mount resumed>) = 0 [pid 6833] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6833] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5872] <... umount2 resumed>) = 0 [pid 6833] <... chdir resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6833] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6833] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6833] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... openat resumed>) = 4 [pid 6833] <... futex resumed>) = 1 [pid 6833] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6832] <... futex resumed>) = 0 [pid 5872] newfstatat(4, "", [pid 6832] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... futex resumed>) = 0 [pid 6832] <... futex resumed>) = 1 [pid 6832] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [pid 6833] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./82/binderfs" [pid 6833] <... openat resumed>) = 4 [pid 5872] <... unlink resumed>) = 0 [pid 6833] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6832] <... futex resumed>) = 0 [pid 6832] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6833] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 6833] <... openat resumed>) = 5 [pid 5872] rmdir("./82") = 0 [pid 6833] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] mkdir("./83", 0777 [pid 6833] <... futex resumed>) = 1 [pid 6832] <... futex resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 6833] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6832] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6833] <... write resumed>) = 1116 [pid 6833] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6832] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... openat resumed>) = 3 [pid 6833] <... futex resumed>) = 0 [pid 6832] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] ioctl(3, LOOP_CLR_FD [pid 6833] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6832] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... ioctl resumed>) = 0 [pid 6833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6832] <... futex resumed>) = 0 [pid 5872] close(3 [pid 6832] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6833] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6834] <... futex resumed>) = ? [pid 6833] <... mmap resumed>) = 0x200000000000 [pid 6826] <... futex resumed>) = ? [pid 6834] +++ killed by SIGSEGV (core dumped) +++ [pid 6830] <... futex resumed>) = ? [pid 6833] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6832] <... futex resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 6832] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6832] <... futex resumed>) = 0 [pid 6832] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6833] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6833] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6832] <... futex resumed>) = 0 [pid 6832] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6832] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6833] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6837 attached [pid 6828] +++ killed by SIGSEGV (core dumped) +++ [pid 6826] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=171, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6837] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 174 [pid 6837] <... set_robust_list resumed>) = 0 [pid 6837] chdir("./83") = 0 [pid 6831] +++ killed by SIGSEGV (core dumped) +++ [pid 6830] +++ killed by SIGSEGV (core dumped) +++ [pid 6837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=178, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 6837] setpgid(0, 0) = 0 [pid 6837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 6837] <... openat resumed>) = 3 [pid 5870] <... restart_syscall resumed>) = 0 [pid 6837] write(3, "1000", 4) = 4 [pid 6836] <... mount resumed>) = 0 [pid 6837] close(3 [pid 6836] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6837] <... close resumed>) = 0 [pid 6836] <... openat resumed>) = 3 [pid 5870] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6837] symlink("/dev/binderfs", "./binderfs" [pid 6836] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6837] <... symlink resumed>) = 0 [pid 6836] <... chdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6837] write(1, "executing program\n", 18 [pid 6836] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... openat resumed>) = 3 [pid 6837] <... write resumed>) = 18 [pid 6836] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6837] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6835] <... futex resumed>) = 0 [pid 5870] newfstatat(3, "", [pid 6835] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6837] <... futex resumed>) = 0 [pid 6837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6835] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6837] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6836] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6835] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6837] <... mprotect resumed>) = 0 [pid 6836] <... openat resumed>) = 4 [pid 5870] getdents64(3, [pid 6837] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6836] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6835] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6835] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6835] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6837] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6836] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6836] <... openat resumed>) = 5 ./strace-static-x86_64: Process 6838 attached [pid 6836] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6837] <... clone3 resumed> => {parent_tid=[175]}, 88) = 175 [pid 6836] <... futex resumed>) = 1 [pid 6835] <... futex resumed>) = 0 [pid 6837] rt_sigprocmask(SIG_SETMASK, [], [pid 6836] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6838] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6835] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... rseq resumed>) = 0 [pid 6837] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 6838] set_robust_list(0x7f701fd149a0, 24 [pid 6837] <... futex resumed>) = 0 [pid 6836] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6838] <... set_robust_list resumed>) = 0 [pid 6837] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6836] <... write resumed>) = 1116 [pid 6838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6835] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] memfd_create("syzkaller", 0 [pid 6836] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6835] <... futex resumed>) = 0 [pid 6836] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6838] <... memfd_create resumed>) = 3 [pid 6836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6835] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6835] <... futex resumed>) = 0 [pid 6836] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6835] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... mmap resumed>) = 0x7f7017800000 [pid 6836] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6835] <... futex resumed>) = 0 [pid 6836] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6835] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 6835] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6836] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6836] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6836] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6835] <... futex resumed>) = 0 [pid 6835] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 6836] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6835] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./82/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./82") = 0 [pid 5871] mkdir("./83", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 6838] <... write resumed>) = 2097152 [pid 5871] <... ioctl resumed>) = 0 [pid 5871] close(3 [pid 5870] <... umount2 resumed>) = 0 [pid 6838] munmap(0x7f7017800000, 138412032) = 0 [pid 5870] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6832] <... futex resumed>) = ? [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4 [pid 6833] +++ killed by SIGSEGV (core dumped) +++ [pid 6832] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... close resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=170, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5870] rmdir("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] newfstatat(AT_FDCWD, "./82/binderfs", [pid 5868] <... openat resumed>) = 3 [pid 5871] <... close resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] newfstatat(3, "", [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] unlink("./82/binderfs" [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 5868] getdents64(3, [pid 5870] getdents64(3, [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] close(3) = 0 [pid 5870] rmdir("./82") = 0 [pid 5870] mkdir("./83", 0777) = 0 ./strace-static-x86_64: Process 6839 attached [pid 6838] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6839] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 174 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 6839] <... set_robust_list resumed>) = 0 [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 6839] chdir("./83") = 0 [pid 6838] <... openat resumed>) = 4 [pid 6839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6838] ioctl(4, LOOP_SET_FD, 3 [pid 6839] <... prctl resumed>) = 0 [pid 6839] setpgid(0, 0) = 0 [pid 6839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6839] write(3, "1000", 4) = 4 [pid 6839] close(3) = 0 [pid 6839] symlink("/dev/binderfs", "./binderfs" [pid 6835] <... futex resumed>) = ? [pid 5870] <... close resumed>) = 0 [pid 6838] <... ioctl resumed>) = 0 [pid 6839] <... symlink resumed>) = 0 executing program [pid 6839] write(1, "executing program\n", 18 [pid 6838] close(3 [pid 6839] <... write resumed>) = 18 [pid 6839] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... close resumed>) = 0 [pid 6838] close(4) = 0 [pid 6838] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6838] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6839] <... futex resumed>) = 0 [pid 6839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6839] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6836] +++ killed by SIGSEGV (core dumped) +++ [pid 6835] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 180 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=173, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- [pid 6839] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6840 attached [pid 6839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6840] set_robust_list(0x55557616a6a0, 24 [pid 6839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6840] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6841 attached [ 422.587537][ T6838] loop4: detected capacity change from 0 to 4096 [pid 6840] chdir("./83") = 0 [pid 6839] <... clone3 resumed> => {parent_tid=[175]}, 88) = 175 [pid 6839] rt_sigprocmask(SIG_SETMASK, [], [pid 6841] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6841] <... rseq resumed>) = 0 [pid 6840] <... prctl resumed>) = 0 [pid 6839] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] set_robust_list(0x7f701fd149a0, 24 [pid 6840] setpgid(0, 0 [pid 6839] <... futex resumed>) = 0 [pid 5869] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6841] <... set_robust_list resumed>) = 0 [pid 6840] <... setpgid resumed>) = 0 [pid 6839] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6841] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6840] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", [pid 6841] memfd_create("syzkaller", 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6841] <... memfd_create resumed>) = 3 [pid 5869] getdents64(3, [pid 6841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6840] write(3, "1000", 4 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6841] <... mmap resumed>) = 0x7f7017800000 [pid 6840] <... write resumed>) = 4 [pid 5869] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6840] close(3) = 0 [pid 6840] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6840] write(1, "executing program\n", 18 [pid 5868] <... umount2 resumed>) = 0 [pid 6840] <... write resumed>) = 18 [pid 6840] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6840] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6842 attached [pid 6840] <... clone3 resumed> => {parent_tid=[181]}, 88) = 181 [pid 5868] umount2("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6840] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6842] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6840] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] <... openat resumed>) = 4 [pid 6842] <... rseq resumed>) = 0 [pid 6840] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] newfstatat(4, "", [pid 6842] set_robust_list(0x7f701fd149a0, 24 [pid 6841] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6842] <... set_robust_list resumed>) = 0 [pid 5868] getdents64(4, [pid 6842] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] getdents64(4, [pid 6842] memfd_create("syzkaller", 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x38\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6842] <... memfd_create resumed>) = 3 [pid 5868] newfstatat(AT_FDCWD, "./82/binderfs", [pid 6842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6842] <... mmap resumed>) = 0x7f7017800000 [pid 5868] unlink("./82/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./82") = 0 [pid 5868] mkdir("./83", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6841] <... write resumed>) = 2097152 [pid 6838] <... mount resumed>) = 0 [pid 6838] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6838] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6838] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] <... umount2 resumed>) = 0 [pid 6838] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6838] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... futex resumed>) = 0 [pid 6837] <... futex resumed>) = 1 [pid 6838] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6837] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... openat resumed>) = 4 [pid 5869] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 6838] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6837] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6837] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] <... openat resumed>) = 5 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6841] munmap(0x7f7017800000, 138412032 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6838] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6838] <... futex resumed>) = 1 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6842] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6838] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6837] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6843 attached [pid 6843] set_robust_list(0x55557616a6a0, 24 [pid 6837] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... openat resumed>) = 4 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 172 [pid 6843] <... set_robust_list resumed>) = 0 [pid 6841] <... munmap resumed>) = 0 [pid 6838] <... futex resumed>) = 0 [pid 6837] <... futex resumed>) = 1 [pid 5869] newfstatat(4, "", [pid 6843] chdir("./83" [pid 6841] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6838] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6837] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6843] <... chdir resumed>) = 0 [pid 6841] <... openat resumed>) = 4 [pid 5869] getdents64(4, [pid 6843] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6841] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6838] <... write resumed>) = 1116 [pid 6838] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] <... futex resumed>) = 0 [pid 6838] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6837] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] <... mmap resumed>) = 0x200000000000 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(4, [pid 6838] <... futex resumed>) = 1 [pid 6837] <... futex resumed>) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6837] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(4 [pid 6843] <... prctl resumed>) = 0 [pid 6837] <... futex resumed>) = 0 [pid 6837] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] setpgid(0, 0 [pid 5869] <... close resumed>) = 0 [pid 6838] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6838] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6843] <... setpgid resumed>) = 0 [pid 6838] <... futex resumed>) = 1 [pid 6837] <... futex resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6837] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6837] <... futex resumed>) = 0 [pid 6843] <... openat resumed>) = 3 [pid 6837] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6843] write(3, "1000", 4 [pid 6841] <... ioctl resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./83/binderfs", [pid 6843] <... write resumed>) = 4 [pid 6843] close(3 [pid 6841] close(3 [pid 6838] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6843] <... close resumed>) = 0 [pid 6841] <... close resumed>) = 0 [pid 5869] unlink("./83/binderfs" [pid 6843] symlink("/dev/binderfs", "./binderfs" [pid 6841] close(4 [pid 5869] <... unlink resumed>) = 0 [pid 6843] <... symlink resumed>) = 0 [pid 6841] <... close resumed>) = 0 [pid 5869] getdents64(3, [pid 6841] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6841] <... mkdir resumed>) = 0 [pid 5869] close(3 [pid 6841] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./83") = 0 executing program [pid 6843] write(1, "executing program\n", 18 [pid 6842] <... write resumed>) = 2097152 [pid 5869] mkdir("./84", 0777 [pid 6843] <... write resumed>) = 18 [pid 6843] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 422.863729][ T6841] loop3: detected capacity change from 0 to 4096 [pid 6843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6842] munmap(0x7f7017800000, 138412032 [pid 5869] <... mkdir resumed>) = 0 [pid 6843] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6842] <... munmap resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6843] <... mprotect resumed>) = 0 [pid 6843] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6842] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] <... openat resumed>) = 3 [pid 6843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6842] <... openat resumed>) = 4 [pid 5869] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6844 attached [pid 6842] ioctl(4, LOOP_SET_FD, 3 [pid 6843] <... clone3 resumed> => {parent_tid=[173]}, 88) = 173 [pid 5869] <... ioctl resumed>) = 0 [pid 6844] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6844] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6844] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] close(3 [pid 6843] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] <... futex resumed>) = 0 [pid 6843] <... futex resumed>) = 1 [pid 6844] memfd_create("syzkaller", 0 [pid 6843] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6844] <... memfd_create resumed>) = 3 [pid 6844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6842] <... ioctl resumed>) = 0 [pid 6842] close(3) = 0 [ 422.954647][ T6842] loop1: detected capacity change from 0 to 4096 [pid 6842] close(4) = 0 [pid 6842] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6842] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6845 attached , child_tidptr=0x55557616a690) = 175 [pid 6845] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6845] chdir("./84") = 0 [pid 6845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6845] setpgid(0, 0) = 0 [pid 6845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6845] write(3, "1000", 4) = 4 [pid 6845] close(3) = 0 [pid 6845] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6845] write(1, "executing program\n", 18) = 18 [pid 6845] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6845] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6844] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6845] <... mprotect resumed>) = 0 [pid 6845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6846 attached [pid 6846] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6846] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6846] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6845] <... clone3 resumed> => {parent_tid=[176]}, 88) = 176 [pid 6845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6845] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... futex resumed>) = 0 [pid 6845] <... futex resumed>) = 1 [pid 6846] memfd_create("syzkaller", 0 [pid 6845] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6846] <... memfd_create resumed>) = 3 [pid 6846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6841] <... mount resumed>) = 0 [pid 6841] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6841] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6841] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6841] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] <... futex resumed>) = 0 [pid 6841] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6839] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6839] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6839] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... write resumed>) = 2097152 [pid 6844] munmap(0x7f7017800000, 138412032) = 0 [pid 6841] <... openat resumed>) = 4 [pid 6841] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6839] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6841] <... openat resumed>) = 5 [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6844] ioctl(4, LOOP_SET_FD, 3 [pid 6841] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6839] <... futex resumed>) = 0 [pid 6842] <... mount resumed>) = 0 [pid 6841] <... write resumed>) = 1116 [pid 6839] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6841] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6842] <... openat resumed>) = 3 [pid 6841] <... futex resumed>) = 0 [pid 6839] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6841] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6839] <... futex resumed>) = 0 [pid 6841] <... mmap resumed>) = 0x200000000000 [pid 6839] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... chdir resumed>) = 0 [pid 6842] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6844] <... ioctl resumed>) = 0 [pid 6844] close(3) = 0 [pid 6844] close(4) = 0 [pid 6844] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6844] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6841] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6841] <... futex resumed>) = 1 [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6842] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6842] <... futex resumed>) = 1 [pid 6841] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... futex resumed>) = 0 [pid 6837] <... futex resumed>) = ? [pid 6841] <... futex resumed>) = 1 [pid 6840] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6839] <... futex resumed>) = 0 [pid 6842] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6841] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6840] <... futex resumed>) = 0 [ 423.207914][ T6844] loop0: detected capacity change from 0 to 4096 [pid 6839] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... openat resumed>) = 4 [pid 6842] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6838] +++ killed by SIGSEGV (core dumped) +++ [pid 6837] +++ killed by SIGSEGV (core dumped) +++ [pid 6842] <... futex resumed>) = 1 [pid 6840] <... futex resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=174, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6840] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6842] <... openat resumed>) = 5 [pid 6842] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6842] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6846] <... write resumed>) = 2097152 [pid 6842] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] munmap(0x7f7017800000, 138412032) = 0 [pid 6842] <... futex resumed>) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6846] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6840] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... openat resumed>) = 4 [pid 6846] ioctl(4, LOOP_SET_FD, 3 [pid 6842] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... mmap resumed>) = 0x200000000000 [pid 6842] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... ioctl resumed>) = 0 [pid 6846] close(3 [pid 6842] <... futex resumed>) = 1 [pid 6840] <... futex resumed>) = 0 [pid 6846] <... close resumed>) = 0 [pid 6846] close(4) = 0 [pid 6846] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6846] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6842] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6840] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6842] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] <... futex resumed>) = 0 [pid 6840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6842] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6840] <... futex resumed>) = 0 [pid 6840] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6842] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6844] <... mount resumed>) = 0 [pid 6844] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6844] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [ 423.339388][ T6846] loop2: detected capacity change from 0 to 4096 [pid 6844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6844] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6844] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6844] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6844] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6844] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6843] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6843] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... openat resumed>) = 5 [pid 6844] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 6843] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] <... futex resumed>) = 0 [pid 6843] <... futex resumed>) = 1 [pid 6843] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6844] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6844] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] <... futex resumed>) = 0 [pid 6843] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] <... futex resumed>) = 0 [pid 6843] <... futex resumed>) = 1 [pid 6844] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6843] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... mmap resumed>) = 0x200000000000 [pid 6844] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] <... futex resumed>) = 0 [pid 6844] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6843] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6843] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6844] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6843] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6844] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6844] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6844] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6844] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", [pid 6843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6843] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 6844] <... futex resumed>) = 0 [pid 6843] <... futex resumed>) = 1 [pid 5872] close(4 [pid 6843] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... close resumed>) = 0 [pid 6844] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] rmdir("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./83/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./83") = 0 [pid 5872] mkdir("./84", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6847 attached [pid 6846] <... mount resumed>) = 0 [pid 6847] set_robust_list(0x55557616a6a0, 24 [pid 6846] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 176 [pid 6847] <... set_robust_list resumed>) = 0 [pid 6846] <... openat resumed>) = 3 [pid 6846] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6847] chdir("./84" [pid 6846] <... chdir resumed>) = 0 [pid 6846] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6846] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... chdir resumed>) = 0 [pid 6846] <... futex resumed>) = 1 [pid 6845] <... futex resumed>) = 0 [pid 6847] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6845] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... prctl resumed>) = 0 [pid 6839] <... futex resumed>) = ? [pid 6847] setpgid(0, 0 [pid 6846] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6845] <... futex resumed>) = 0 [pid 6847] <... setpgid resumed>) = 0 [pid 6845] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6846] <... openat resumed>) = 4 [pid 6841] +++ killed by SIGSEGV (core dumped) +++ [pid 6839] +++ killed by SIGSEGV (core dumped) +++ [pid 6846] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6847] write(3, "1000", 4 [pid 6845] <... futex resumed>) = 0 [pid 6840] <... futex resumed>) = ? [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=174, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 6847] <... write resumed>) = 4 [pid 6845] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] close(3 [pid 6845] <... futex resumed>) = 0 [pid 5871] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6847] <... close resumed>) = 0 [pid 6846] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6845] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6842] +++ killed by SIGSEGV (core dumped) +++ [pid 6840] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=180, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 6847] symlink("/dev/binderfs", "./binderfs" [pid 5871] newfstatat(3, "", [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... restart_syscall resumed>) = 0 executing program [pid 6846] <... openat resumed>) = 5 [pid 5871] getdents64(3, [pid 6847] <... symlink resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6847] write(1, "executing program\n", 18 [pid 6846] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6847] <... write resumed>) = 18 [pid 6846] <... futex resumed>) = 1 [pid 6845] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6847] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 6847] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6845] <... futex resumed>) = 0 [pid 5870] newfstatat(3, "", [pid 6845] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6847] <... mmap resumed>) = 0x7f701fcf4000 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6847] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6846] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6847] <... mprotect resumed>) = 0 [pid 6846] <... write resumed>) = 1116 [pid 6847] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6846] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6845] <... futex resumed>) = 0 [pid 6847] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6845] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6846] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0./strace-static-x86_64: Process 6848 attached ) = 0x200000000000 [pid 6845] <... futex resumed>) = 0 [pid 6845] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] <... clone3 resumed> => {parent_tid=[177]}, 88) = 177 [pid 6846] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6847] rt_sigprocmask(SIG_SETMASK, [], [pid 6845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6848] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6846] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6847] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6845] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6848] <... rseq resumed>) = 0 [pid 6847] <... futex resumed>) = 0 [pid 6846] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6845] <... futex resumed>) = 0 [pid 6848] set_robust_list(0x7f701fd149a0, 24 [pid 6847] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6846] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6845] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6848] <... set_robust_list resumed>) = 0 [pid 6846] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6848] rt_sigprocmask(SIG_SETMASK, [], [pid 6846] <... futex resumed>) = 0 [pid 6845] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6846] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6845] <... futex resumed>) = 0 [pid 6848] memfd_create("syzkaller", 0) = 3 [pid 6848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5870] <... umount2 resumed>) = 0 [pid 6843] <... futex resumed>) = ? [pid 5870] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6848] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... umount2 resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6844] +++ killed by SIGSEGV (core dumped) +++ [pid 6843] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=172, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... openat resumed>) = 3 [pid 5871] <... openat resumed>) = 4 [pid 5868] newfstatat(3, "", [pid 5871] newfstatat(4, "", [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 5871] getdents64(4, [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] <... openat resumed>) = 4 [pid 5871] close(4 [pid 5870] newfstatat(4, "", [pid 5871] <... close resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] rmdir("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./83/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./83") = 0 [pid 5871] mkdir("./84", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 6848] <... write resumed>) = 2097152 [pid 6848] munmap(0x7f7017800000, 138412032 [pid 5870] rmdir("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... close resumed>) = 0 [pid 6848] <... munmap resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] newfstatat(AT_FDCWD, "./83/binderfs", [pid 6848] <... openat resumed>) = 4 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 176 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6848] ioctl(4, LOOP_SET_FD, 3 [pid 5870] unlink("./83/binderfs") = 0 [pid 5870] getdents64(3, ./strace-static-x86_64: Process 6849 attached 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6849] set_robust_list(0x55557616a6a0, 24) = 0 executing program [pid 6849] chdir("./84") = 0 [pid 6849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6849] setpgid(0, 0) = 0 [pid 6849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6849] write(3, "1000", 4) = 4 [pid 6849] close(3) = 0 [pid 6849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] close(3 [pid 6849] write(1, "executing program\n", 18) = 18 [pid 6849] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6848] <... ioctl resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./83" [pid 6848] close(3 [pid 6849] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6848] <... close resumed>) = 0 [pid 6849] <... mprotect resumed>) = 0 [pid 6848] close(4 [pid 6849] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6848] <... close resumed>) = 0 [pid 6848] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6849] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6848] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] <... rmdir resumed>) = 0 [pid 6849] <... clone3 resumed> => {parent_tid=[177]}, 88) = 177 [pid 6849] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6850 attached NULL, 8) = 0 [pid 6849] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6850] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6850] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5870] mkdir("./84", 0777 [pid 6850] memfd_create("syzkaller", 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6850] <... memfd_create resumed>) = 3 [pid 6850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] <... openat resumed>) = 3 [pid 6850] <... mmap resumed>) = 0x7f7017800000 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 5868] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 423.987266][ T6848] loop4: detected capacity change from 0 to 4096 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x38\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./83/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./83") = 0 [pid 5868] mkdir("./84", 0777 [pid 6846] +++ killed by SIGSEGV (core dumped) +++ [pid 6845] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... close resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=175, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5868] <... openat resumed>) = 3 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6851 attached [pid 5869] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6851] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6851] chdir("./84" [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6851] <... chdir resumed>) = 0 [pid 6851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6851] setpgid(0, 0) = 0 [pid 6851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 182 [pid 6851] <... openat resumed>) = 3 [pid 6851] write(3, "1000", 4) = 4 [pid 6851] close(3) = 0 [pid 6851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6851] write(1, "executing program\n", 18executing program ) = 18 [pid 6851] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6850] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... close resumed>) = 0 [pid 6851] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6852 attached [pid 6851] <... clone3 resumed> => {parent_tid=[183]}, 88) = 183 [pid 6851] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6853 attached NULL, 8) = 0 [pid 6851] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6851] <... futex resumed>) = 0 [pid 6852] <... rseq resumed>) = 0 [pid 6851] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6853] set_robust_list(0x55557616a6a0, 24 [pid 6852] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6852] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 174 [pid 6853] <... set_robust_list resumed>) = 0 [pid 6852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6853] chdir("./84" [pid 6852] memfd_create("syzkaller", 0 [pid 6853] <... chdir resumed>) = 0 [pid 6853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6853] setpgid(0, 0) = 0 [pid 6853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6852] <... memfd_create resumed>) = 3 [pid 6853] <... openat resumed>) = 3 [pid 6852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6853] write(3, "1000", 4) = 4 [pid 6853] close(3) = 0 [pid 6852] <... mmap resumed>) = 0x7f7017800000 [pid 6853] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6853] write(1, "executing program\n", 18) = 18 [pid 6853] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6853] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6853] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6853] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6854 attached => {parent_tid=[175]}, 88) = 175 [pid 6853] rt_sigprocmask(SIG_SETMASK, [], [pid 6854] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6853] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... rseq resumed>) = 0 [pid 6854] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6853] <... futex resumed>) = 0 [pid 6854] rt_sigprocmask(SIG_SETMASK, [], [pid 6853] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6854] memfd_create("syzkaller", 0) = 3 [pid 6854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6848] <... mount resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 6848] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6848] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5869] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6848] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6848] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6850] <... write resumed>) = 2097152 [pid 6848] <... futex resumed>) = 1 [pid 6847] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6847] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6847] <... futex resumed>) = 0 [pid 6847] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", [pid 6850] munmap(0x7f7017800000, 138412032 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6854] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 6850] <... munmap resumed>) = 0 [pid 6848] <... openat resumed>) = 4 [pid 5869] rmdir("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 6850] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6850] ioctl(4, LOOP_SET_FD, 3 [pid 6848] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] <... futex resumed>) = 1 [pid 6847] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6847] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] newfstatat(AT_FDCWD, "./84/binderfs", [pid 6848] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6850] <... ioctl resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6847] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] close(3) = 0 [pid 6850] close(4) = 0 [pid 6848] <... openat resumed>) = 5 [pid 5869] unlink("./84/binderfs" [pid 6850] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6850] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6848] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, [pid 6848] <... futex resumed>) = 1 [pid 6847] <... futex resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 6847] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6848] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6847] <... futex resumed>) = 0 [pid 6852] <... write resumed>) = 2097152 [pid 6848] <... write resumed>) = 1116 [pid 6847] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... close resumed>) = 0 [pid 6848] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] rmdir("./84" [pid 6848] <... futex resumed>) = 1 [pid 6854] <... write resumed>) = 2097152 [pid 6852] munmap(0x7f7017800000, 138412032 [pid 6848] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6847] <... futex resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6847] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] mkdir("./85", 0777 [pid 6848] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6847] <... futex resumed>) = 0 [pid 6848] <... mmap resumed>) = 0x200000000000 [pid 6847] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... mkdir resumed>) = 0 [pid 6848] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6854] munmap(0x7f7017800000, 138412032 [pid 6848] <... futex resumed>) = 1 [pid 6847] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 6848] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6847] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6847] <... futex resumed>) = 0 [pid 6847] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... ioctl resumed>) = 0 [pid 6848] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5869] close(3 [ 424.310549][ T6850] loop3: detected capacity change from 0 to 4096 [pid 6848] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... munmap resumed>) = 0 [pid 6852] <... munmap resumed>) = 0 [pid 6848] <... futex resumed>) = 1 [pid 6847] <... futex resumed>) = 0 [pid 6854] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6852] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6848] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6847] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6847] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] <... openat resumed>) = 4 [pid 6852] ioctl(4, LOOP_SET_FD, 3 [pid 6854] <... openat resumed>) = 4 [pid 6854] ioctl(4, LOOP_SET_FD, 3 [pid 6852] <... ioctl resumed>) = 0 [pid 6852] close(3) = 0 [pid 6852] close(4) = 0 [pid 6852] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] <... close resumed>) = 0 [pid 6852] <... mkdir resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6852] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"..../strace-static-x86_64: Process 6855 attached [pid 6855] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6855] chdir("./85" [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 177 [pid 6854] <... ioctl resumed>) = 0 [pid 6855] <... chdir resumed>) = 0 [pid 6855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6855] setpgid(0, 0) = 0 [pid 6855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6854] close(3) = 0 [pid 6855] <... openat resumed>) = 3 [pid 6854] close(4) = 0 [pid 6854] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6855] write(3, "1000", 4) = 4 [ 424.388438][ T6852] loop1: detected capacity change from 0 to 4096 [ 424.406128][ T6854] loop0: detected capacity change from 0 to 4096 [pid 6854] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6855] close(3 [pid 6850] <... mount resumed>) = 0 executing program [pid 6855] <... close resumed>) = 0 [pid 6850] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6850] <... openat resumed>) = 3 [pid 6850] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6855] write(1, "executing program\n", 18 [pid 6850] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6855] <... write resumed>) = 18 [pid 6850] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6855] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6850] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6850] <... futex resumed>) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6855] <... mmap resumed>) = 0x7f701fcf4000 [pid 6849] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6850] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6855] <... mprotect resumed>) = 0 [pid 6855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6856 attached => {parent_tid=[178]}, 88) = 178 [pid 6855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6855] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... openat resumed>) = 4 [pid 6856] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6855] <... futex resumed>) = 0 [pid 6856] set_robust_list(0x7f701fd149a0, 24 [pid 6855] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6856] <... set_robust_list resumed>) = 0 [pid 6856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6850] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] memfd_create("syzkaller", 0 [pid 6850] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6849] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... memfd_create resumed>) = 3 [pid 6850] <... openat resumed>) = 5 [pid 6856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6850] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6850] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... futex resumed>) = 0 [pid 6849] <... futex resumed>) = 1 [pid 6849] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6850] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6850] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6850] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] <... futex resumed>) = 0 [pid 6849] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6849] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6850] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6856] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6852] <... mount resumed>) = 0 [pid 6852] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6852] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6852] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6852] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6851] <... futex resumed>) = 0 [pid 6851] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6852] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6851] <... futex resumed>) = 0 [pid 6852] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6851] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6851] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] <... futex resumed>) = 0 [pid 6852] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6852] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6851] <... futex resumed>) = 0 [pid 6852] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6851] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6851] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] <... futex resumed>) = 0 [pid 6852] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6854] <... mount resumed>) = 0 [pid 6852] <... write resumed>) = 1116 [pid 6852] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6852] <... futex resumed>) = 1 [pid 6851] <... futex resumed>) = 0 [pid 6852] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6851] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... write resumed>) = 2097152 [pid 6852] <... mmap resumed>) = 0x200000000000 [pid 6854] <... openat resumed>) = 3 [pid 6854] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6852] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] munmap(0x7f7017800000, 138412032 [pid 6852] <... futex resumed>) = 1 [pid 6851] <... futex resumed>) = 0 [pid 6854] <... chdir resumed>) = 0 [pid 6851] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6852] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6851] <... futex resumed>) = 0 [pid 6854] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6851] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6854] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6856] <... munmap resumed>) = 0 [pid 6854] <... futex resumed>) = 1 [pid 6853] <... futex resumed>) = 0 [pid 6852] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6853] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6851] <... futex resumed>) = 0 [pid 6851] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6853] <... futex resumed>) = 0 [pid 6853] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6856] <... openat resumed>) = 4 [pid 6852] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6854] <... openat resumed>) = 4 [pid 6856] ioctl(4, LOOP_SET_FD, 3 [pid 6854] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6853] <... futex resumed>) = 0 [pid 6853] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6853] <... futex resumed>) = 0 [pid 6853] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... ioctl resumed>) = 0 [pid 6854] <... openat resumed>) = 5 [pid 6856] close(3) = 0 [pid 6856] close(4) = 0 [pid 6856] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6856] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6854] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 424.731432][ T6856] loop2: detected capacity change from 0 to 4096 [pid 6854] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6853] <... futex resumed>) = 0 [pid 6853] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... futex resumed>) = 0 [pid 6853] <... futex resumed>) = 1 [pid 6854] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6853] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6854] <... write resumed>) = 1116 [pid 6854] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6853] <... futex resumed>) = 0 [pid 6854] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6853] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6853] <... futex resumed>) = 0 [pid 6854] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6853] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6854] <... mmap resumed>) = 0x200000000000 [pid 6854] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6853] <... futex resumed>) = 0 [pid 6853] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6853] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6854] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6854] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6853] <... futex resumed>) = 0 [pid 6854] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6853] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... futex resumed>) = ? [pid 6848] +++ killed by SIGSEGV (core dumped) +++ [pid 6847] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=176, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", [pid 6849] <... futex resumed>) = ? [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6850] +++ killed by SIGSEGV (core dumped) +++ [pid 6849] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=176, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5871] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6856] <... mount resumed>) = 0 [pid 6856] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6856] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6856] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6856] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6855] <... futex resumed>) = 0 [pid 6855] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6856] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6855] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... openat resumed>) = 4 [pid 6855] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6856] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] <... futex resumed>) = 0 [pid 6855] <... futex resumed>) = 0 [pid 6856] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 6855] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0}./strace-static-x86_64: Process 6857 attached => {parent_tid=[179]}, 88) = 179 [pid 6855] rt_sigprocmask(SIG_SETMASK, [], [pid 6857] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 6855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6857] <... rseq resumed>) = 0 [pid 6855] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] set_robust_list(0x7f701fcf39a0, 24 [pid 6855] <... futex resumed>) = 0 [pid 6857] <... set_robust_list resumed>) = 0 [pid 6855] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6857] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6857] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6855] <... futex resumed>) = 0 [pid 6857] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6855] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6856] <... futex resumed>) = 0 [pid 6855] <... futex resumed>) = 1 [pid 6856] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6855] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] <... write resumed>) = 1116 [pid 6856] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6855] <... futex resumed>) = 0 [pid 6855] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6855] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6856] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6855] <... futex resumed>) = 0 [pid 6855] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6855] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6856] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6856] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6855] <... futex resumed>) = 0 [pid 6856] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6855] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 5871] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6851] <... futex resumed>) = ? [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5872] unlink("./84/binderfs" [pid 5871] newfstatat(4, "", [pid 5872] <... unlink resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, [pid 5871] getdents64(4, [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./84") = 0 [pid 5872] mkdir("./85", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] getdents64(4, [pid 5872] close(3 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6852] +++ killed by SIGSEGV (core dumped) +++ [pid 6851] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] close(4 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=182, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- [pid 5870] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... close resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 178 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./84/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 ./strace-static-x86_64: Process 6858 attached [pid 5871] rmdir("./84" [pid 6858] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... rmdir resumed>) = 0 [pid 6858] <... set_robust_list resumed>) = 0 [pid 5871] mkdir("./85", 0777 [pid 6858] chdir("./85" [pid 5871] <... mkdir resumed>) = 0 [pid 6858] <... chdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... openat resumed>) = 3 [pid 6858] <... prctl resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 6858] setpgid(0, 0 [pid 5871] <... ioctl resumed>) = 0 [pid 6858] <... setpgid resumed>) = 0 [pid 5871] close(3 [pid 6858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6858] write(3, "1000", 4) = 4 [pid 5871] <... close resumed>) = 0 [pid 6858] close(3) = 0 [pid 6858] symlink("/dev/binderfs", "./binderfs" [pid 6853] <... futex resumed>) = ? executing program [pid 6858] <... symlink resumed>) = 0 [pid 6858] write(1, "executing program\n", 18) = 18 [pid 6854] +++ killed by SIGSEGV (core dumped) +++ [pid 6853] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=174, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 6858] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6858] <... mmap resumed>) = 0x7f701fcf4000 ./strace-static-x86_64: Process 6859 attached [pid 6858] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 178 [pid 6858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6859] set_robust_list(0x55557616a6a0, 24 [pid 6858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] <... umount2 resumed>) = 0 [pid 6859] <... set_robust_list resumed>) = 0 [pid 6859] chdir("./85"./strace-static-x86_64: Process 6860 attached [pid 6858] <... clone3 resumed> => {parent_tid=[179]}, 88) = 179 [pid 6860] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6859] <... chdir resumed>) = 0 [pid 6860] <... rseq resumed>) = 0 [pid 6859] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6858] rt_sigprocmask(SIG_SETMASK, [], [pid 6860] set_robust_list(0x7f701fd149a0, 24 [pid 6859] <... prctl resumed>) = 0 [pid 6858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6860] <... set_robust_list resumed>) = 0 [pid 6860] rt_sigprocmask(SIG_SETMASK, [], [pid 6859] setpgid(0, 0 [pid 6858] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6859] <... setpgid resumed>) = 0 [pid 6858] <... futex resumed>) = 0 [pid 6858] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6860] memfd_create("syzkaller", 0 [pid 6859] <... openat resumed>) = 3 [pid 6859] write(3, "1000", 4 [pid 6860] <... memfd_create resumed>) = 3 [pid 6859] <... write resumed>) = 4 [pid 6860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6859] close(3 [pid 6860] <... mmap resumed>) = 0x7f7017800000 [pid 6859] <... close resumed>) = 0 [pid 6859] symlink("/dev/binderfs", "./binderfs" [pid 5870] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 6859] <... symlink resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6859] write(1, "executing program\n", 18) = 18 [pid 6859] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6859] <... mmap resumed>) = 0x7f701fcf4000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6859] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5870] newfstatat(4, "", [pid 6859] <... mprotect resumed>) = 0 [pid 6859] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6859] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6859] <... clone3 resumed> => {parent_tid=[179]}, 88) = 179 [pid 6859] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6861 attached NULL, 8) = 0 [pid 5870] newfstatat(AT_FDCWD, "./84/binderfs", [pid 6859] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./84/binderfs" [pid 6861] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5870] <... unlink resumed>) = 0 [pid 6861] <... rseq resumed>) = 0 [pid 6861] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6861] rt_sigprocmask(SIG_SETMASK, [], [pid 6857] <... futex resumed>) = ? [pid 6855] <... futex resumed>) = ? [pid 5870] getdents64(3, [pid 6861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6861] memfd_create("syzkaller", 0 [pid 6857] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6856] +++ killed by SIGSEGV (core dumped) +++ [pid 6855] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] close(3) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=177, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 6861] <... memfd_create resumed>) = 3 [pid 5870] rmdir("./84" [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./85", 0777 [pid 5869] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... mkdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6860] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5868] <... umount2 resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5868] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... ioctl resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] close(3 [pid 5869] getdents64(3, [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... close resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 6862 attached [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 184 [pid 5868] getdents64(4, [pid 6862] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4 [pid 6862] <... set_robust_list resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 6862] chdir("./85" [pid 5868] rmdir("\x2e\x2f\x38\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6862] <... chdir resumed>) = 0 [pid 6862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6862] setpgid(0, 0 [pid 5868] <... rmdir resumed>) = 0 [pid 6862] <... setpgid resumed>) = 0 [pid 6862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6862] <... openat resumed>) = 3 [pid 6862] write(3, "1000", 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6862] <... write resumed>) = 4 [pid 6862] close(3 [pid 5868] newfstatat(AT_FDCWD, "./84/binderfs", [pid 6862] <... close resumed>) = 0 [pid 6862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6862] write(1, "executing program\n", 18 [pid 6861] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] unlink("./84/binderfs"executing program [pid 6862] <... write resumed>) = 18 [pid 5868] <... unlink resumed>) = 0 [pid 6862] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(3, [pid 6862] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] close(3 [pid 6862] <... mmap resumed>) = 0x7f701fcf4000 [pid 6862] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5868] <... close resumed>) = 0 [pid 6862] <... mprotect resumed>) = 0 [pid 6862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6863 attached [pid 5868] rmdir("./84" [pid 6862] <... clone3 resumed> => {parent_tid=[185]}, 88) = 185 [pid 5868] <... rmdir resumed>) = 0 [pid 6863] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5868] mkdir("./85", 0777 [pid 6863] <... rseq resumed>) = 0 [pid 6862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 6863] set_robust_list(0x7f701fd149a0, 24 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6863] <... set_robust_list resumed>) = 0 [pid 6862] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] rt_sigprocmask(SIG_SETMASK, [], [pid 6862] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6862] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6863] memfd_create("syzkaller", 0 [pid 6860] <... write resumed>) = 2097152 [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 6860] munmap(0x7f7017800000, 138412032) = 0 [pid 6860] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6863] <... memfd_create resumed>) = 3 [pid 6861] <... write resumed>) = 2097152 [pid 6860] <... openat resumed>) = 4 [pid 6860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6861] munmap(0x7f7017800000, 138412032 [pid 6863] <... mmap resumed>) = 0x7f7017800000 [pid 6861] <... munmap resumed>) = 0 [pid 6861] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6861] ioctl(4, LOOP_SET_FD, 3 [pid 6860] close(3) = 0 [pid 6860] close(4) = 0 [pid 6860] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 425.588446][ T6860] loop4: detected capacity change from 0 to 4096 [pid 6860] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6864 attached [pid 5869] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 176 [pid 6864] set_robust_list(0x55557616a6a0, 24 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6864] <... set_robust_list resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6864] chdir("./85" [pid 5869] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6864] <... chdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6864] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6864] <... prctl resumed>) = 0 [pid 5869] <... openat resumed>) = 4 [pid 6864] setpgid(0, 0 [pid 5869] newfstatat(4, "", [pid 6864] <... setpgid resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, [pid 6864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6864] <... openat resumed>) = 3 [pid 6861] <... ioctl resumed>) = 0 [pid 5869] getdents64(4, [pid 6864] write(3, "1000", 4 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6864] <... write resumed>) = 4 [pid 6861] close(3) = 0 [pid 6861] close(4) = 0 [pid 6861] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6861] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] close(4 [pid 6864] close(3 [pid 5869] <... close resumed>) = 0 [pid 6864] <... close resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6864] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... rmdir resumed>) = 0 [pid 6864] <... symlink resumed>) = 0 [pid 5869] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6864] write(1, "executing program\n", 18 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6864] <... write resumed>) = 18 [pid 5869] newfstatat(AT_FDCWD, "./85/binderfs", [pid 6864] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6864] <... futex resumed>) = 0 [pid 5869] unlink("./85/binderfs" [pid 6864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] <... unlink resumed>) = 0 [pid 6864] <... mmap resumed>) = 0x7f701fcf4000 [pid 6864] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] getdents64(3, [pid 6864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6865 attached [pid 5869] close(3) = 0 [pid 6865] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6864] <... clone3 resumed> => {parent_tid=[177]}, 88) = 177 [pid 5869] rmdir("./85" [pid 6865] <... rseq resumed>) = 0 [pid 6864] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... rmdir resumed>) = 0 [pid 6865] set_robust_list(0x7f701fd149a0, 24 [pid 6864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] mkdir("./86", 0777 [pid 6865] <... set_robust_list resumed>) = 0 [ 425.633532][ T6861] loop3: detected capacity change from 0 to 4096 [pid 6865] rt_sigprocmask(SIG_SETMASK, [], [pid 6864] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... mkdir resumed>) = 0 [pid 6865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6864] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6864] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 6865] memfd_create("syzkaller", 0 [pid 5869] close(3 [pid 6865] <... memfd_create resumed>) = 3 [pid 6865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6863] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6861] <... mount resumed>) = 0 [pid 6861] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] <... close resumed>) = 0 [pid 6861] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6861] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6861] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6861] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] <... futex resumed>) = 0 [pid 6859] <... futex resumed>) = 1 [pid 6861] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6859] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6866 attached , child_tidptr=0x55557616a690) = 180 [pid 6861] <... openat resumed>) = 4 [pid 6866] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6866] chdir("./86" [pid 6865] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6866] <... chdir resumed>) = 0 [pid 6866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6866] setpgid(0, 0) = 0 [pid 6866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6866] write(3, "1000", 4) = 4 [pid 6861] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] close(3) = 0 [pid 6861] <... futex resumed>) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6866] symlink("/dev/binderfs", "./binderfs" [pid 6861] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] <... symlink resumed>) = 0 [pid 6861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6859] <... futex resumed>) = 0 [pid 6866] write(1, "executing program\n", 18 [pid 6859] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6866] <... write resumed>) = 18 [pid 6861] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6866] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6861] <... openat resumed>) = 5 [pid 6866] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6861] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6861] <... futex resumed>) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6861] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6859] <... futex resumed>) = 0 [pid 6866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6861] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6859] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6867 attached [pid 6863] <... write resumed>) = 2097152 [pid 6861] <... write resumed>) = 1116 [pid 6860] <... mount resumed>) = 0 [pid 6867] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6866] <... clone3 resumed> => {parent_tid=[181]}, 88) = 181 [pid 6867] <... rseq resumed>) = 0 [pid 6863] munmap(0x7f7017800000, 138412032 [pid 6861] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6867] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6867] rt_sigprocmask(SIG_SETMASK, [], [pid 6861] <... futex resumed>) = 1 [pid 6860] <... openat resumed>) = 3 [pid 6859] <... futex resumed>) = 0 [pid 6867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6859] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] <... futex resumed>) = 0 [pid 6859] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6866] rt_sigprocmask(SIG_SETMASK, [], [pid 6863] <... munmap resumed>) = 0 [pid 6861] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6860] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6861] <... mmap resumed>) = 0x200000000000 [pid 6860] <... chdir resumed>) = 0 [pid 6866] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6867] <... futex resumed>) = 0 [pid 6866] <... futex resumed>) = 1 [pid 6867] memfd_create("syzkaller", 0 [pid 6866] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6860] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6867] <... memfd_create resumed>) = 3 [pid 6860] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6860] <... futex resumed>) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6867] <... mmap resumed>) = 0x7f7017800000 [pid 6858] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6858] <... futex resumed>) = 0 [pid 6858] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6861] <... futex resumed>) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6861] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6859] <... futex resumed>) = 0 [pid 6861] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6859] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6861] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6863] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6861] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... openat resumed>) = 4 [pid 6863] <... openat resumed>) = 4 [pid 6861] <... futex resumed>) = 1 [pid 6860] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6860] <... futex resumed>) = 1 [pid 6859] <... futex resumed>) = 0 [pid 6858] <... futex resumed>) = 0 [pid 6860] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6859] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] <... futex resumed>) = 0 [pid 6860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6859] <... futex resumed>) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6861] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6860] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6859] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6858] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] ioctl(4, LOOP_SET_FD, 3 [pid 6860] <... openat resumed>) = 5 [pid 6863] <... ioctl resumed>) = 0 [pid 6860] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6860] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = 0 [pid 6858] <... futex resumed>) = 1 [pid 6860] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6858] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... write resumed>) = 1116 [pid 6860] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6865] <... write resumed>) = 2097152 [pid 6863] close(3 [pid 6860] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6858] <... futex resumed>) = 0 [pid 6863] <... close resumed>) = 0 [pid 6863] close(4 [pid 6858] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... close resumed>) = 0 [pid 6860] <... futex resumed>) = 0 [pid 6858] <... futex resumed>) = 1 [pid 6863] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6860] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6858] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6863] <... mkdir resumed>) = 0 [pid 6860] <... mmap resumed>) = 0x200000000000 [ 425.870368][ T6863] loop1: detected capacity change from 0 to 4096 [pid 6865] munmap(0x7f7017800000, 138412032 [pid 6860] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6860] <... futex resumed>) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6858] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6858] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6860] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6860] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6858] <... futex resumed>) = 0 [pid 6858] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6858] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] <... munmap resumed>) = 0 [pid 6860] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6865] close(3) = 0 [pid 6865] close(4) = 0 [pid 6865] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 425.963065][ T6865] loop0: detected capacity change from 0 to 4096 [pid 6865] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6867] <... write resumed>) = 2097152 [pid 6867] munmap(0x7f7017800000, 138412032) = 0 [pid 6867] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6867] ioctl(4, LOOP_SET_FD, 3 [pid 6863] <... mount resumed>) = 0 [pid 6863] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6863] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6863] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6867] <... ioctl resumed>) = 0 [pid 6867] close(3 [pid 6863] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6867] <... close resumed>) = 0 [pid 6867] close(4) = 0 [pid 6863] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6863] <... futex resumed>) = 1 [pid 6863] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6867] <... mkdir resumed>) = 0 [pid 6862] <... futex resumed>) = 0 [pid 6862] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6863] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 426.089518][ T6867] loop2: detected capacity change from 0 to 4096 [pid 6863] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6863] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6863] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6862] <... futex resumed>) = 0 [pid 6862] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6863] <... futex resumed>) = 0 [pid 6862] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6863] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6862] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6862] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6863] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6863] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6862] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... mmap resumed>) = 0x200000000000 [pid 6862] <... futex resumed>) = 0 [pid 6863] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6862] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] <... futex resumed>) = 0 [pid 6862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6863] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6862] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6862] <... futex resumed>) = 0 [pid 6863] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6862] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6863] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6863] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6862] <... futex resumed>) = 0 [pid 6862] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6862] <... futex resumed>) = 0 [pid 6865] <... mount resumed>) = 0 [pid 6865] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6859] <... futex resumed>) = ? [pid 6865] <... openat resumed>) = 3 [pid 6865] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6865] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6865] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6864] <... futex resumed>) = 0 [pid 6864] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... futex resumed>) = 0 [pid 6864] <... futex resumed>) = 1 [pid 6865] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6864] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... mount resumed>) = 0 [pid 6867] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6867] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6865] <... openat resumed>) = 4 [pid 6867] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6865] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6867] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6864] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6864] <... futex resumed>) = 0 [pid 6864] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... openat resumed>) = 5 [pid 6867] <... futex resumed>) = 1 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6866] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6864] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... write resumed>) = 1116 [pid 6864] <... futex resumed>) = 0 [pid 6864] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... openat resumed>) = 4 [pid 6865] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6864] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... mmap resumed>) = 0x200000000000 [pid 6864] <... futex resumed>) = 0 [pid 6865] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6864] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] <... futex resumed>) = 0 [pid 6864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6867] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6864] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] +++ killed by SIGSEGV (core dumped) +++ [pid 6859] +++ killed by SIGSEGV (core dumped) +++ [pid 6865] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6864] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=178, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 6867] <... futex resumed>) = 1 [pid 6866] <... futex resumed>) = 0 [pid 6865] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 6866] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... restart_syscall resumed>) = 0 [pid 6865] <... futex resumed>) = 1 [pid 6864] <... futex resumed>) = 0 [pid 6865] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6864] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6867] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6867] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5871] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6867] <... mmap resumed>) = 0x200000000000 [pid 6867] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", [pid 6858] <... futex resumed>) = ? [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6860] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6858] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=178, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 6867] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6867] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6867] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6867] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6866] <... futex resumed>) = 0 [pid 5872] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6863] +++ killed by SIGSEGV (core dumped) +++ [pid 6862] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=184, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 5871] unlink("./85/binderfs" [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5871] <... unlink resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./85" [pid 5870] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... rmdir resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] mkdir("./86", 0777 [pid 5870] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... mkdir resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 6864] <... futex resumed>) = ? [pid 5871] <... ioctl resumed>) = 0 [pid 6865] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] close(3 [pid 6864] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=176, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5868] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6868 attached [pid 5872] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6868] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6868] <... set_robust_list resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 180 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", [pid 6868] chdir("./86" [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6868] <... chdir resumed>) = 0 [pid 6868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] getdents64(4, [pid 6868] <... prctl resumed>) = 0 [pid 6868] setpgid(0, 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6868] <... setpgid resumed>) = 0 [pid 5872] getdents64(4, [pid 6868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 6868] <... openat resumed>) = 3 [pid 5872] <... close resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 6868] write(3, "1000", 4 [pid 5872] rmdir("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5870] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... rmdir resumed>) = 0 [pid 5872] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6868] <... write resumed>) = 4 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6868] close(3 [pid 5872] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6868] <... close resumed>) = 0 [pid 5872] unlink("./85/binderfs" [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... unlink resumed>) = 0 [pid 6868] symlink("/dev/binderfs", "./binderfs" [pid 5870] <... rmdir resumed>) = 0 [pid 5870] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./85/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./85") = 0 [pid 5870] mkdir("./86", 0777 [pid 6868] <... symlink resumed>) = 0 [pid 6867] +++ killed by SIGSEGV (core dumped) +++ [pid 6866] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] getdents64(3, [pid 5870] <... mkdir resumed>) = 0 executing program [pid 6868] write(1, "executing program\n", 18 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=180, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 6868] <... write resumed>) = 18 [pid 5872] close(3 [pid 6868] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... close resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6868] <... futex resumed>) = 0 [pid 5872] rmdir("./85" [pid 5870] <... openat resumed>) = 3 [pid 5869] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] <... rmdir resumed>) = 0 [pid 6868] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] mkdir("./86", 0777 [pid 5870] <... ioctl resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6868] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5870] close(3 [pid 5869] <... openat resumed>) = 3 [pid 6868] <... mprotect resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 6868] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] getdents64(3, [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] <... ioctl resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(3 [pid 5870] <... close resumed>) = 0 [pid 6868] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 6868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6868] <... clone3 resumed> => {parent_tid=[181]}, 88) = 181 ./strace-static-x86_64: Process 6869 attached ./strace-static-x86_64: Process 6870 attached [pid 6868] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 186 [pid 6869] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6869] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6869] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] set_robust_list(0x55557616a6a0, 24 [pid 6868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... close resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6870] <... set_robust_list resumed>) = 0 [pid 6868] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6869] <... futex resumed>) = 0 [pid 6868] <... futex resumed>) = 1 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6870] chdir("./86" [pid 6869] memfd_create("syzkaller", 0 [pid 6868] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6871 attached [pid 6870] <... chdir resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6871] set_robust_list(0x55557616a6a0, 24 [pid 6870] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 180 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6870] <... prctl resumed>) = 0 [pid 6871] <... set_robust_list resumed>) = 0 [pid 6869] <... memfd_create resumed>) = 3 [pid 5868] <... openat resumed>) = 4 [pid 6870] setpgid(0, 0 [pid 5868] newfstatat(4, "", [pid 6871] chdir("./86" [pid 6869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6870] <... setpgid resumed>) = 0 [pid 5868] getdents64(4, [pid 6870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6869] <... mmap resumed>) = 0x7f7017800000 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6871] <... chdir resumed>) = 0 [pid 6870] <... openat resumed>) = 3 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x38\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6871] <... prctl resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./85/binderfs", [pid 6870] write(3, "1000", 4 [pid 6871] setpgid(0, 0 [pid 6870] <... write resumed>) = 4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6871] <... setpgid resumed>) = 0 [pid 6870] close(3 [pid 5868] unlink("./85/binderfs" [pid 6870] <... close resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 6871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6870] symlink("/dev/binderfs", "./binderfs" [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6870] <... symlink resumed>) = 0 executing program [pid 6871] <... openat resumed>) = 3 [pid 6870] write(1, "executing program\n", 18 [pid 5868] close(3) = 0 [pid 5868] rmdir("./85" [pid 6870] <... write resumed>) = 18 [pid 5868] <... rmdir resumed>) = 0 [pid 6871] write(3, "1000", 4 [pid 6870] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] mkdir("./86", 0777 [pid 6870] <... futex resumed>) = 0 [pid 6870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] <... mkdir resumed>) = 0 [pid 6871] <... write resumed>) = 4 [pid 6871] close(3) = 0 [pid 6870] <... mmap resumed>) = 0x7f701fcf4000 [pid 6871] symlink("/dev/binderfs", "./binderfs" [pid 6870] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 6871] <... symlink resumed>) = 0 [pid 6870] <... mprotect resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6870] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] <... ioctl resumed>) = 0 [pid 6871] write(1, "executing program\n", 18 [pid 6870] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6871] <... write resumed>) = 18 [pid 6870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6871] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(3./strace-static-x86_64: Process 6872 attached [pid 6871] <... futex resumed>) = 0 [pid 6872] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6872] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6872] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... umount2 resumed>) = 0 [pid 6871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6870] <... clone3 resumed> => {parent_tid=[187]}, 88) = 187 [pid 6869] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6870] rt_sigprocmask(SIG_SETMASK, [], [pid 6871] <... mmap resumed>) = 0x7f701fcf4000 [pid 6870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6871] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6870] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] <... futex resumed>) = 0 [pid 6871] <... mprotect resumed>) = 0 [pid 6870] <... futex resumed>) = 1 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6872] memfd_create("syzkaller", 0 [pid 6871] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6870] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6871] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6872] <... memfd_create resumed>) = 3 [pid 6872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 ./strace-static-x86_64: Process 6873 attached [pid 6871] <... clone3 resumed> => {parent_tid=[181]}, 88) = 181 [pid 6871] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6873] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6873] <... rseq resumed>) = 0 [pid 6871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... close resumed>) = 0 [pid 6873] set_robust_list(0x7f701fd149a0, 24 [pid 5869] <... openat resumed>) = 4 [pid 6871] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6873] <... set_robust_list resumed>) = 0 [pid 6873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6874 attached [pid 6873] memfd_create("syzkaller", 0 [pid 6871] <... futex resumed>) = 0 [pid 5869] newfstatat(4, "", [pid 6873] <... memfd_create resumed>) = 3 [pid 6871] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6874] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 178 [pid 5869] getdents64(4, [pid 6873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 6874] <... set_robust_list resumed>) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6874] chdir("./86" [pid 5869] close(4) = 0 [pid 6874] <... chdir resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6874] setpgid(0, 0 [pid 5869] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6874] <... setpgid resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] newfstatat(AT_FDCWD, "./86/binderfs", [pid 6874] <... openat resumed>) = 3 [pid 6869] <... write resumed>) = 2097152 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./86/binderfs") = 0 [pid 6874] write(3, "1000", 4 [pid 5869] getdents64(3, [pid 6874] <... write resumed>) = 4 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6874] close(3 [pid 5869] close(3 [pid 6874] <... close resumed>) = 0 [pid 6874] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... close resumed>) = 0 [pid 6874] <... symlink resumed>) = 0 [pid 5869] rmdir("./86") = 0 [pid 6874] write(1, "executing program\n", 18 [pid 5869] mkdir("./87", 0777executing program [pid 6874] <... write resumed>) = 18 [pid 5869] <... mkdir resumed>) = 0 [pid 6874] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6874] <... futex resumed>) = 0 [pid 6874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] <... openat resumed>) = 3 [pid 6874] <... mmap resumed>) = 0x7f701fcf4000 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6874] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... ioctl resumed>) = 0 [pid 6874] <... mprotect resumed>) = 0 [pid 5869] close(3 [pid 6874] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6869] munmap(0x7f7017800000, 138412032 [pid 6874] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6869] <... munmap resumed>) = 0 [pid 6874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6873] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 6875 attached [pid 6875] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6869] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6875] <... rseq resumed>) = 0 [pid 6869] <... openat resumed>) = 4 [pid 6875] set_robust_list(0x7f701fd149a0, 24 [pid 6869] ioctl(4, LOOP_SET_FD, 3 [pid 6875] <... set_robust_list resumed>) = 0 [pid 6874] <... clone3 resumed> => {parent_tid=[179]}, 88) = 179 [pid 6875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6874] rt_sigprocmask(SIG_SETMASK, [], [pid 6875] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6874] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... futex resumed>) = 0 [pid 6874] <... futex resumed>) = 1 [pid 5869] <... close resumed>) = 0 [pid 6872] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6875] memfd_create("syzkaller", 0 [pid 6874] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6869] <... ioctl resumed>) = 0 [pid 6875] <... memfd_create resumed>) = 3 [pid 6875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6869] close(3) = 0 [pid 6869] close(4) = 0 [pid 6869] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6869] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 427.170088][ T6869] loop3: detected capacity change from 0 to 4096 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6876 attached , child_tidptr=0x55557616a690) = 182 [pid 6876] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6876] chdir("./87") = 0 [pid 6876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6876] setpgid(0, 0) = 0 [pid 6876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6876] write(3, "1000", 4) = 4 [pid 6876] close(3) = 0 [pid 6876] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6876] write(1, "executing program\n", 18) = 18 [pid 6876] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6873] <... write resumed>) = 2097152 [pid 6876] <... mmap resumed>) = 0x7f701fcf4000 [pid 6876] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6875] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6873] munmap(0x7f7017800000, 138412032 [pid 6876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6872] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 6877 attached [pid 6873] <... munmap resumed>) = 0 [pid 6877] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6876] <... clone3 resumed> => {parent_tid=[183]}, 88) = 183 [pid 6872] munmap(0x7f7017800000, 138412032 [pid 6877] <... rseq resumed>) = 0 [pid 6876] rt_sigprocmask(SIG_SETMASK, [], [pid 6872] <... munmap resumed>) = 0 [pid 6877] set_robust_list(0x7f701fd149a0, 24 [pid 6876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6877] <... set_robust_list resumed>) = 0 [pid 6876] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] rt_sigprocmask(SIG_SETMASK, [], [pid 6876] <... futex resumed>) = 0 [pid 6873] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6876] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6873] <... openat resumed>) = 4 [pid 6873] ioctl(4, LOOP_SET_FD, 3 [pid 6877] memfd_create("syzkaller", 0 [pid 6875] <... write resumed>) = 2097152 [pid 6875] munmap(0x7f7017800000, 138412032 [pid 6877] <... memfd_create resumed>) = 3 [pid 6877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6872] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6869] <... mount resumed>) = 0 [pid 6872] <... openat resumed>) = 4 [pid 6869] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6872] ioctl(4, LOOP_SET_FD, 3 [pid 6869] <... openat resumed>) = 3 [pid 6869] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6873] <... ioctl resumed>) = 0 [pid 6872] <... ioctl resumed>) = 0 [pid 6869] <... chdir resumed>) = 0 [pid 6873] close(3 [pid 6872] close(3 [pid 6873] <... close resumed>) = 0 [pid 6872] <... close resumed>) = 0 [pid 6873] close(4 [pid 6872] close(4 [pid 6873] <... close resumed>) = 0 [pid 6872] <... close resumed>) = 0 [pid 6873] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6872] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6873] <... mkdir resumed>) = 0 [pid 6872] <... mkdir resumed>) = 0 [pid 6873] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6875] <... munmap resumed>) = 0 [pid 6872] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6869] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6875] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6869] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6869] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6868] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] <... openat resumed>) = 4 [ 427.316479][ T6873] loop4: detected capacity change from 0 to 4096 [ 427.331634][ T6872] loop1: detected capacity change from 0 to 4096 [pid 6875] ioctl(4, LOOP_SET_FD, 3 [pid 6869] <... openat resumed>) = 4 [pid 6869] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6875] <... ioctl resumed>) = 0 [pid 6869] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6868] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] close(3 [pid 6869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6868] <... futex resumed>) = 0 [pid 6875] <... close resumed>) = 0 [pid 6869] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6868] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] <... openat resumed>) = 5 [pid 6875] close(4) = 0 [pid 6869] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6869] <... futex resumed>) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6875] <... mkdir resumed>) = 0 [pid 6869] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6868] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6869] <... write resumed>) = 1116 [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6868] <... futex resumed>) = 0 [pid 6868] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6869] <... mmap resumed>) = 0x200000000000 [ 427.381463][ T6875] loop0: detected capacity change from 0 to 4096 [pid 6869] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6868] <... futex resumed>) = 0 [pid 6869] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6868] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = 0 [pid 6868] <... futex resumed>) = 1 [pid 6869] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6868] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6869] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6869] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6869] <... futex resumed>) = 0 [pid 6869] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6868] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6868] <... futex resumed>) = 0 [pid 6869] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6868] ???( [pid 6877] <... write resumed>) = 2097152 [pid 6877] munmap(0x7f7017800000, 138412032) = 0 [pid 6877] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6872] <... mount resumed>) = 0 [pid 6877] <... openat resumed>) = 4 [pid 6872] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6877] ioctl(4, LOOP_SET_FD, 3 [pid 6872] <... openat resumed>) = 3 [pid 6872] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6872] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6872] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6873] <... mount resumed>) = 0 [pid 6870] <... futex resumed>) = 0 [pid 6870] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] <... futex resumed>) = 0 [pid 6870] <... futex resumed>) = 1 [pid 6870] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6873] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6873] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6873] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6872] <... openat resumed>) = 4 [pid 6873] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] <... futex resumed>) = 1 [pid 6872] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6871] <... futex resumed>) = 0 [pid 6870] <... futex resumed>) = 0 [pid 6871] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = 0 [pid 6873] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6872] <... futex resumed>) = 0 [pid 6871] <... futex resumed>) = 1 [pid 6870] <... futex resumed>) = 1 [pid 6872] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6871] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... ioctl resumed>) = 0 [pid 6872] <... openat resumed>) = 5 [pid 6877] close(3) = 0 [pid 6877] close(4) = 0 [pid 6873] <... openat resumed>) = 4 [pid 6872] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6872] <... futex resumed>) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6872] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6873] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6871] <... futex resumed>) = 0 [pid 6870] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... mkdir resumed>) = 0 [pid 6873] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6872] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6871] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] <... write resumed>) = 1116 [pid 6872] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] <... futex resumed>) = 0 [ 427.548118][ T6877] loop2: detected capacity change from 0 to 4096 [pid 6871] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6873] <... openat resumed>) = 5 [pid 6872] <... futex resumed>) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6872] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6870] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... mount resumed>) = 0 [pid 6870] <... futex resumed>) = 0 [pid 6872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6870] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6875] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6873] <... futex resumed>) = 1 [pid 6872] <... mmap resumed>) = 0x200000000000 [pid 6871] <... futex resumed>) = 0 [pid 6873] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6875] <... openat resumed>) = 3 [pid 6871] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] <... futex resumed>) = 0 [pid 6875] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6871] <... futex resumed>) = 1 [pid 6870] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = 0 [pid 6872] <... futex resumed>) = 0 [pid 6871] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] <... chdir resumed>) = 0 [pid 6870] <... futex resumed>) = 1 [pid 6873] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6872] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6875] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6873] <... write resumed>) = 1116 [pid 6872] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6870] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6873] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6873] <... futex resumed>) = 1 [pid 6871] <... futex resumed>) = 0 [pid 6874] <... futex resumed>) = 0 [pid 6873] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6871] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] <... futex resumed>) = 0 [pid 6874] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6874] <... futex resumed>) = 0 [pid 6873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6872] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6871] <... futex resumed>) = 0 [pid 6870] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6874] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6871] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] <... futex resumed>) = 0 [pid 6873] <... mmap resumed>) = 0x200000000000 [pid 6872] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6870] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6871] <... futex resumed>) = 0 [pid 6873] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6871] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6871] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] <... futex resumed>) = 0 [pid 6873] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6873] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6871] <... futex resumed>) = 0 [pid 6873] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6871] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6871] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] <... futex resumed>) = 0 [pid 6873] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6875] <... openat resumed>) = 4 [pid 6875] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6874] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6875] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6874] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6875] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6874] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6875] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6874] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6875] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6875] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6874] <... futex resumed>) = 0 [pid 6875] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6874] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6874] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... mount resumed>) = 0 [pid 6877] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6877] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6873] +++ killed by SIGSEGV (core dumped) +++ [pid 6871] <... futex resumed>) = ? [pid 6877] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6877] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] <... futex resumed>) = 0 [pid 6871] +++ killed by SIGSEGV (core dumped) +++ [pid 6877] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6876] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=180, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6876] <... futex resumed>) = 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 6876] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6868] <... ??? resumed>) = ? [pid 5872] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6869] +++ killed by SIGSEGV (core dumped) +++ [pid 6868] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=180, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 6877] <... openat resumed>) = 4 [pid 5872] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6877] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6877] <... futex resumed>) = 1 [pid 6876] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6877] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6876] <... futex resumed>) = 0 [pid 6877] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6876] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... openat resumed>) = 5 [pid 6877] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6877] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] <... futex resumed>) = 0 [pid 6876] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6876] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6877] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6870] <... futex resumed>) = ? [pid 6877] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] +++ killed by SIGSEGV (core dumped) +++ [pid 6870] +++ killed by SIGSEGV (core dumped) +++ [pid 6877] <... futex resumed>) = 1 [pid 6876] <... futex resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=186, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 6876] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 6876] <... futex resumed>) = 0 [pid 6877] <... mmap resumed>) = 0x200000000000 [pid 6876] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] <... futex resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 6876] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6876] <... futex resumed>) = 0 [pid 6876] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6877] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6877] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6877] <... futex resumed>) = 1 [pid 6876] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 6877] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6876] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] newfstatat(3, "", [pid 6877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6876] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./86/binderfs") = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./86") = 0 [pid 5872] mkdir("./87", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] <... close resumed>) = 0 [pid 5871] newfstatat(4, "", [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 182 ./strace-static-x86_64: Process 6878 attached [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 6878] set_robust_list(0x55557616a6a0, 24 [pid 5871] rmdir("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6878] <... set_robust_list resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 6878] chdir("./87" [pid 5871] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6878] <... chdir resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./86/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 6878] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] <... umount2 resumed>) = 0 [pid 6878] <... prctl resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./86") = 0 [pid 6874] <... futex resumed>) = ? [pid 6878] setpgid(0, 0 [pid 5871] mkdir("./87", 0777 [pid 5870] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6878] <... setpgid resumed>) = 0 [pid 6878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6878] <... openat resumed>) = 3 [pid 5871] <... openat resumed>) = 3 [pid 6878] write(3, "1000", 4 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 6878] <... write resumed>) = 4 [pid 5871] close(3 [pid 6875] +++ killed by SIGSEGV (core dumped) +++ [pid 6874] +++ killed by SIGSEGV (core dumped) +++ [pid 6878] close(3 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=178, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 6878] <... close resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6878] symlink("/dev/binderfs", "./binderfs" [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6878] <... symlink resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6878] write(1, "executing program\n", 18 [pid 5870] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... restart_syscall resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4 [pid 6878] <... write resumed>) = 18 [pid 5870] <... close resumed>) = 0 [pid 6878] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6878] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5870] <... rmdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6878] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5870] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... openat resumed>) = 3 [pid 6878] <... mprotect resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(3, "", [pid 5870] newfstatat(AT_FDCWD, "./86/binderfs", [pid 6878] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6878] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5870] unlink("./86/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./86") = 0 [pid 5870] mkdir("./87", 0777 [pid 6878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] <... mkdir resumed>) = 0 [pid 5868] getdents64(3, [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 6878] <... clone3 resumed> => {parent_tid=[183]}, 88) = 183 [pid 5868] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 6878] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6879 attached NULL, 8) = 0 [pid 5871] <... close resumed>) = 0 [pid 6878] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6878] <... futex resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6880 attached [pid 6879] <... rseq resumed>) = 0 [pid 6878] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6879] set_robust_list(0x7f701fd149a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 182 [pid 6879] <... set_robust_list resumed>) = 0 [pid 6880] set_robust_list(0x55557616a6a0, 24 [pid 6879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6880] <... set_robust_list resumed>) = 0 [pid 6879] memfd_create("syzkaller", 0 [pid 6880] chdir("./87") = 0 [pid 6880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6879] <... memfd_create resumed>) = 3 [pid 6880] setpgid(0, 0) = 0 [pid 6879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6880] write(3, "1000", 4) = 4 [pid 6880] close(3) = 0 [pid 6880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6876] <... futex resumed>) = ? executing program [pid 6880] write(1, "executing program\n", 18 [pid 5870] <... close resumed>) = 0 [pid 6880] <... write resumed>) = 18 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6880] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6880] <... futex resumed>) = 0 [pid 6877] +++ killed by SIGSEGV (core dumped) +++ [pid 6876] +++ killed by SIGSEGV (core dumped) +++ [pid 6880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=182, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- ./strace-static-x86_64: Process 6881 attached [pid 6880] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6880] <... mprotect resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 188 [pid 5869] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6881] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5869] <... openat resumed>) = 3 [pid 6880] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6881] chdir("./87" [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6881] <... chdir resumed>) = 0 [pid 6881] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] getdents64(3, [pid 6881] <... prctl resumed>) = 0 [pid 6880] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6881] setpgid(0, 0 [pid 6880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6882 attached [pid 6881] <... setpgid resumed>) = 0 [pid 6882] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6882] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6882] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6880] <... clone3 resumed> => {parent_tid=[183]}, 88) = 183 [pid 6880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6880] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6881] <... openat resumed>) = 3 [pid 5868] <... umount2 resumed>) = 0 [pid 6882] <... futex resumed>) = 0 [pid 6881] write(3, "1000", 4 [pid 6880] <... futex resumed>) = 1 [pid 6882] memfd_create("syzkaller", 0 [pid 6881] <... write resumed>) = 4 [pid 6880] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6879] <... write resumed>) = 2097152 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6881] close(3 [pid 6879] munmap(0x7f7017800000, 138412032 [pid 5869] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6881] <... close resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 6882] <... memfd_create resumed>) = 3 [pid 5868] getdents64(4, [pid 6882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6882] <... mmap resumed>) = 0x7f7017800000 [pid 5868] close(4) = 0 [pid 6881] symlink("/dev/binderfs", "./binderfs" [pid 6879] <... munmap resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] rmdir("\x2e\x2f\x38\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6881] <... symlink resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 6881] write(1, "executing program\n", 18 [pid 5869] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6881] <... write resumed>) = 18 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6881] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6881] <... futex resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./86/binderfs", [pid 6881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] <... openat resumed>) = 4 [pid 6881] <... mmap resumed>) = 0x7f701fcf4000 [pid 5869] newfstatat(4, "", [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./86/binderfs" [pid 6881] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6881] <... mprotect resumed>) = 0 [pid 5869] getdents64(4, [pid 5868] <... unlink resumed>) = 0 [pid 6881] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6879] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6881] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] getdents64(4, [pid 5868] getdents64(3, [pid 6881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6879] <... openat resumed>) = 4 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6883 attached [pid 6879] ioctl(4, LOOP_SET_FD, 3 [pid 5869] close(4 [pid 5868] close(3 [pid 6883] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6881] <... clone3 resumed> => {parent_tid=[189]}, 88) = 189 [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("./86") = 0 [pid 5868] mkdir("./87", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6883] <... rseq resumed>) = 0 [pid 6881] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... close resumed>) = 0 [pid 6883] set_robust_list(0x7f701fd149a0, 24 [pid 6881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6879] <... ioctl resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6883] <... set_robust_list resumed>) = 0 [pid 6881] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] close(3 [pid 6883] rt_sigprocmask(SIG_SETMASK, [], [pid 6882] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6881] <... futex resumed>) = 0 [pid 6879] <... close resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6879] close(4 [pid 6881] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6883] memfd_create("syzkaller", 0 [pid 6879] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6883] <... memfd_create resumed>) = 3 [pid 6879] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5868] <... close resumed>) = 0 [pid 6879] <... mkdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6879] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 428.436470][ T6879] loop4: detected capacity change from 0 to 4096 [pid 6883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] unlink("./87/binderfs" [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3./strace-static-x86_64: Process 6884 attached ) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 180 [pid 5869] rmdir("./87") = 0 [pid 6884] set_robust_list(0x55557616a6a0, 24 [pid 5869] mkdir("./88", 0777) = 0 [pid 6884] <... set_robust_list resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6884] chdir("./87" [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6882] <... write resumed>) = 2097152 [pid 6882] munmap(0x7f7017800000, 138412032 [pid 6884] <... chdir resumed>) = 0 [pid 6884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6884] setpgid(0, 0) = 0 [pid 6884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6884] write(3, "1000", 4) = 4 [pid 6884] close(3) = 0 [pid 6884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3executing program [pid 6884] write(1, "executing program\n", 18 [pid 6882] <... munmap resumed>) = 0 [pid 6884] <... write resumed>) = 18 [pid 6884] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6884] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6884] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6882] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6884] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6885 attached [pid 6882] <... openat resumed>) = 4 [pid 6885] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6882] ioctl(4, LOOP_SET_FD, 3 [pid 6884] <... clone3 resumed> => {parent_tid=[181]}, 88) = 181 [pid 6885] <... rseq resumed>) = 0 [pid 6884] rt_sigprocmask(SIG_SETMASK, [], [pid 6885] set_robust_list(0x7f701fd149a0, 24 [pid 6884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6885] <... set_robust_list resumed>) = 0 [pid 6884] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6884] <... futex resumed>) = 0 [pid 6885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6884] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6885] memfd_create("syzkaller", 0) = 3 [pid 6885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6882] <... ioctl resumed>) = 0 [pid 6882] close(3) = 0 [ 428.549936][ T6882] loop3: detected capacity change from 0 to 4096 [pid 6882] close(4) = 0 [pid 5869] <... close resumed>) = 0 [pid 6882] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6886 attached [pid 6882] <... mkdir resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 184 [pid 6886] set_robust_list(0x55557616a6a0, 24 [pid 6882] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6886] <... set_robust_list resumed>) = 0 [pid 6886] chdir("./88") = 0 [pid 6886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6886] setpgid(0, 0) = 0 [pid 6886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6883] <... write resumed>) = 2097152 [pid 6886] <... openat resumed>) = 3 [pid 6885] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6886] write(3, "1000", 4) = 4 [pid 6883] munmap(0x7f7017800000, 138412032 [pid 6886] close(3) = 0 executing program [pid 6886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6886] write(1, "executing program\n", 18) = 18 [pid 6886] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6886] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6879] <... mount resumed>) = 0 [pid 6886] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6879] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6886] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6879] <... openat resumed>) = 3 [pid 6886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6879] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6879] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 6887 attached ) = -1 EBUSY (Device or resource busy) [pid 6887] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6883] <... munmap resumed>) = 0 [pid 6879] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... rseq resumed>) = 0 [pid 6886] <... clone3 resumed> => {parent_tid=[185]}, 88) = 185 [pid 6883] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6887] set_robust_list(0x7f701fd149a0, 24 [pid 6879] <... futex resumed>) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6887] <... set_robust_list resumed>) = 0 [pid 6886] rt_sigprocmask(SIG_SETMASK, [], [pid 6883] <... openat resumed>) = 4 [pid 6878] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6878] <... futex resumed>) = 0 [pid 6887] rt_sigprocmask(SIG_SETMASK, [], [pid 6886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6883] ioctl(4, LOOP_SET_FD, 3 [pid 6878] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6886] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] memfd_create("syzkaller", 0 [pid 6886] <... futex resumed>) = 0 [pid 6886] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6887] <... memfd_create resumed>) = 3 [pid 6883] <... ioctl resumed>) = 0 [pid 6887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6883] close(3 [pid 6887] <... mmap resumed>) = 0x7f7017800000 [pid 6883] <... close resumed>) = 0 [pid 6883] close(4) = 0 [pid 6879] <... openat resumed>) = 4 [pid 6879] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6879] <... futex resumed>) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] <... mkdir resumed>) = 0 [pid 6879] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6883] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6879] <... openat resumed>) = 5 [pid 6885] <... write resumed>) = 2097152 [pid 6885] munmap(0x7f7017800000, 138412032 [pid 6879] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 428.689065][ T6883] loop1: detected capacity change from 0 to 4096 [pid 6878] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6879] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6879] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6878] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... mmap resumed>) = 0x200000000000 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6879] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6878] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6878] <... futex resumed>) = 0 [pid 6879] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... futex resumed>) = 0 [pid 6878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6879] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6878] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] <... munmap resumed>) = 0 [pid 6885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6885] ioctl(4, LOOP_SET_FD, 3 [pid 6882] <... mount resumed>) = 0 [pid 6882] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6882] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6882] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6887] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6882] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6880] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6882] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6880] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] <... ioctl resumed>) = 0 [ 428.782901][ T6885] loop0: detected capacity change from 0 to 4096 [pid 6882] <... openat resumed>) = 4 [pid 6885] close(3) = 0 [pid 6885] close(4) = 0 [pid 6885] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6882] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] <... mkdir resumed>) = 0 [pid 6882] <... futex resumed>) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6885] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6880] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6882] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6880] <... futex resumed>) = 0 [pid 6880] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] <... openat resumed>) = 5 [pid 6882] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6880] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6882] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6880] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] <... write resumed>) = 1116 [pid 6882] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6882] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6880] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6880] <... futex resumed>) = 0 [pid 6882] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6880] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] <... mmap resumed>) = 0x200000000000 [pid 6887] <... write resumed>) = 2097152 [pid 6882] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6882] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6880] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6880] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6882] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6887] munmap(0x7f7017800000, 138412032 [pid 6882] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6882] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6880] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6882] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6880] <... futex resumed>) = 0 [pid 6880] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] <... munmap resumed>) = 0 [pid 6887] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6887] ioctl(4, LOOP_SET_FD, 3 [pid 6883] <... mount resumed>) = 0 [pid 6883] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6887] <... ioctl resumed>) = 0 [pid 6883] <... openat resumed>) = 3 [pid 6887] close(3) = 0 [pid 6883] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6887] close(4 [pid 6883] <... chdir resumed>) = 0 [pid 6887] <... close resumed>) = 0 [pid 6887] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6883] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6887] <... mkdir resumed>) = 0 [pid 6883] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6883] <... futex resumed>) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6881] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [ 428.946508][ T6887] loop2: detected capacity change from 0 to 4096 [pid 6881] <... futex resumed>) = 0 [pid 6881] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] <... openat resumed>) = 4 [pid 6883] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6881] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6881] <... futex resumed>) = 0 [pid 6881] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] <... openat resumed>) = 5 [pid 6885] <... mount resumed>) = 0 [pid 6885] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6883] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6885] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6881] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] <... chdir resumed>) = 0 [pid 6883] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6881] <... futex resumed>) = 0 [pid 6881] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6883] <... write resumed>) = 1116 [pid 6885] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6883] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] <... futex resumed>) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6885] <... futex resumed>) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6883] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6881] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6884] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6881] <... futex resumed>) = 0 [pid 6885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6884] <... futex resumed>) = 0 [pid 6883] <... mmap resumed>) = 0x200000000000 [pid 6881] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] <... mount resumed>) = 0 [pid 6885] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6884] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6885] <... openat resumed>) = 4 [pid 6883] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6885] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] <... futex resumed>) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6885] <... futex resumed>) = 1 [pid 6881] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... chdir resumed>) = 0 [pid 6885] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6884] <... futex resumed>) = 0 [pid 6881] <... futex resumed>) = 0 [pid 6887] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6884] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6881] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6884] <... futex resumed>) = 1 [pid 6885] <... futex resumed>) = 0 [pid 6884] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6885] <... openat resumed>) = 5 [pid 6883] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6887] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6887] <... futex resumed>) = 1 [pid 6885] <... futex resumed>) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6883] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6886] <... futex resumed>) = 0 [pid 6885] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6884] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] <... futex resumed>) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6886] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6884] <... futex resumed>) = 0 [pid 6883] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6881] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = 0 [pid 6886] <... futex resumed>) = 1 [pid 6885] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6884] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6881] <... futex resumed>) = 0 [pid 6887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6886] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6881] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6883] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6885] <... write resumed>) = 1116 [pid 6885] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... openat resumed>) = 4 [pid 6885] <... futex resumed>) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6885] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6884] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6885] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6884] <... futex resumed>) = 0 [pid 6887] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] <... mmap resumed>) = 0x200000000000 [pid 6884] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6886] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6885] <... futex resumed>) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6886] <... futex resumed>) = 0 [pid 6884] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6886] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6887] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6887] <... futex resumed>) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6885] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6884] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6886] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6884] <... futex resumed>) = 0 [pid 6887] <... write resumed>) = 1116 [pid 6886] <... futex resumed>) = 0 [pid 6885] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6884] ???( [pid 6887] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] <... futex resumed>) = 0 [pid 6886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6887] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6886] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6886] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] <... mmap resumed>) = 0x200000000000 [pid 6887] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6886] <... futex resumed>) = 0 [pid 6887] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6886] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6886] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6887] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6878] <... futex resumed>) = ? [pid 6887] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6887] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6886] <... futex resumed>) = 0 [pid 6886] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = 0 [pid 6886] <... futex resumed>) = 1 [pid 6887] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6886] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] +++ killed by SIGSEGV (core dumped) +++ [pid 6878] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=182, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6880] <... futex resumed>) = ? [pid 6882] +++ killed by SIGSEGV (core dumped) +++ [pid 6880] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=182, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6881] <... futex resumed>) = ? [pid 6883] +++ killed by SIGSEGV (core dumped) +++ [pid 6881] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=188, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5870] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] getdents64(4, [pid 5871] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] close(4 [pid 5871] <... openat resumed>) = 4 [pid 5872] <... close resumed>) = 0 [pid 5871] newfstatat(4, "", [pid 5872] rmdir("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 5872] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] close(4) = 0 [pid 5872] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5871] rmdir("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5872] unlink("./87/binderfs") = 0 [pid 5871] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 5871] unlink("./87/binderfs" [pid 5872] <... close resumed>) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 5872] rmdir("./87") = 0 [pid 5871] getdents64(3, [pid 5872] mkdir("./88", 0777 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./87") = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5871] mkdir("./88", 0777) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6886] <... futex resumed>) = ? [pid 6887] +++ killed by SIGSEGV (core dumped) +++ [pid 6886] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=184, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5870] <... umount2 resumed>) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... close resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6884] <... ??? resumed>) = ? [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5870] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(3, "", [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... close resumed>) = 0 [pid 6885] +++ killed by SIGSEGV (core dumped) +++ [pid 6884] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] <... openat resumed>) = 4 [pid 5869] getdents64(3, [pid 5870] newfstatat(4, "", [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=180, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5869] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6888 attached [pid 5868] <... openat resumed>) = 3 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 184 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6888] set_robust_list(0x55557616a6a0, 24 [pid 5868] getdents64(3, ./strace-static-x86_64: Process 6889 attached [pid 6888] <... set_robust_list resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6889] set_robust_list(0x55557616a6a0, 24 [pid 5870] getdents64(4, [pid 6889] <... set_robust_list resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6888] chdir("./88" [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 184 [pid 6888] <... chdir resumed>) = 0 [pid 6888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6888] setpgid(0, 0) = 0 [pid 6888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6889] chdir("./88" [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 executing program [pid 6888] write(3, "1000", 4 [pid 6889] <... chdir resumed>) = 0 [pid 5870] getdents64(4, [pid 6888] <... write resumed>) = 4 [pid 6888] close(3) = 0 [pid 6888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6889] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6889] <... prctl resumed>) = 0 [pid 6888] write(1, "executing program\n", 18 [pid 5870] close(4 [pid 6888] <... write resumed>) = 18 [pid 6888] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6888] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6889] setpgid(0, 0 [pid 6888] <... mprotect resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 6888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[185]}, 88) = 185 ./strace-static-x86_64: Process 6890 attached [pid 6888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6888] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6890] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6889] <... setpgid resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6890] <... rseq resumed>) = 0 [pid 6890] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 6890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6890] memfd_create("syzkaller", 0 [pid 6889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6889] <... openat resumed>) = 3 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6890] <... memfd_create resumed>) = 3 [pid 6890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6889] write(3, "1000", 4 [pid 5870] newfstatat(AT_FDCWD, "./87/binderfs", [pid 6889] <... write resumed>) = 4 [pid 6889] close(3 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6889] <... close resumed>) = 0 [pid 5870] unlink("./87/binderfs" [pid 6889] symlink("/dev/binderfs", "./binderfs" [pid 5870] <... unlink resumed>) = 0 executing program [pid 6889] <... symlink resumed>) = 0 [pid 5870] getdents64(3, [pid 6889] write(1, "executing program\n", 18 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6889] <... write resumed>) = 18 [pid 5870] close(3 [pid 6889] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./87" [pid 6889] <... futex resumed>) = 0 [pid 6889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] <... rmdir resumed>) = 0 [pid 6889] <... mmap resumed>) = 0x7f701fcf4000 [pid 5870] mkdir("./88", 0777) = 0 [pid 6889] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6889] <... mprotect resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 6889] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] close(3 [pid 6889] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6890] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[185]}, 88) = 185 [pid 6889] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6891 attached NULL, 8) = 0 [pid 6891] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6889] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] <... rseq resumed>) = 0 [pid 6889] <... futex resumed>) = 0 [pid 6891] set_robust_list(0x7f701fd149a0, 24 [pid 6889] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6891] <... set_robust_list resumed>) = 0 [pid 6891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6891] memfd_create("syzkaller", 0) = 3 [pid 5870] <... close resumed>) = 0 [pid 6891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6892 attached ) = -1 EINVAL (Invalid argument) [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 190 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6892] set_robust_list(0x55557616a6a0, 24 [pid 5869] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6892] <... set_robust_list resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6892] chdir("./88") = 0 [pid 6892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6892] setpgid(0, 0) = 0 [pid 6892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6892] write(3, "1000", 4) = 4 [pid 6892] close(3) = 0 [pid 6892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6892] write(1, "executing program\n", 18) = 18 [pid 6892] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6892] <... futex resumed>) = 0 [pid 6892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6892] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... openat resumed>) = 4 [pid 5869] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] newfstatat(4, "", [pid 6892] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6890] <... write resumed>) = 2097152 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6892] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] getdents64(4, [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] getdents64(4, ./strace-static-x86_64: Process 6893 attached [pid 6890] munmap(0x7f7017800000, 138412032 [pid 5869] <... openat resumed>) = 4 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6892] <... clone3 resumed> => {parent_tid=[191]}, 88) = 191 [pid 5869] newfstatat(4, "", [pid 5868] close(4 [pid 6892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... close resumed>) = 0 [pid 6892] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(4, [pid 5868] rmdir("\x2e\x2f\x38\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6892] <... futex resumed>) = 0 [pid 6893] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6892] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] getdents64(4, [pid 5868] <... rmdir resumed>) = 0 [pid 6893] <... rseq resumed>) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6893] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6893] memfd_create("syzkaller", 0 [pid 5869] close(4 [pid 5868] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6893] <... memfd_create resumed>) = 3 [pid 6890] <... munmap resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./87/binderfs", [pid 6893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] unlink("./87/binderfs" [pid 6890] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6890] ioctl(4, LOOP_SET_FD, 3 [pid 6891] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] newfstatat(AT_FDCWD, "./88/binderfs", [pid 5868] <... unlink resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] unlink("./88/binderfs" [pid 5868] close(3) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5868] rmdir("./87" [pid 6890] <... ioctl resumed>) = 0 [pid 5869] getdents64(3, [pid 5868] <... rmdir resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] mkdir("./88", 0777 [pid 5869] close(3 [pid 6890] close(3) = 0 [pid 5869] <... close resumed>) = 0 [pid 6890] close(4) = 0 [pid 5869] rmdir("./88" [pid 5868] <... mkdir resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] mkdir("./89", 0777 [pid 5868] <... openat resumed>) = 3 [pid 6890] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] <... mkdir resumed>) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6890] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... ioctl resumed>) = 0 [pid 6890] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] close(3 [pid 5869] <... openat resumed>) = 3 [pid 6893] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [ 429.868907][ T6890] loop3: detected capacity change from 0 to 4096 [pid 5869] close(3 [pid 5868] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 6891] <... write resumed>) = 2097152 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6891] munmap(0x7f7017800000, 138412032) = 0 ./strace-static-x86_64: Process 6894 attached [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 182 [pid 6894] set_robust_list(0x55557616a6a0, 24 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6894] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6895 attached [pid 6894] chdir("./88" [pid 6891] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 186 [pid 6894] <... chdir resumed>) = 0 [pid 6894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6891] <... openat resumed>) = 4 [pid 6894] setpgid(0, 0 [pid 6891] ioctl(4, LOOP_SET_FD, 3 [pid 6894] <... setpgid resumed>) = 0 [pid 6895] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6895] chdir("./89" [pid 6894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6893] <... write resumed>) = 2097152 [pid 6894] <... openat resumed>) = 3 [pid 6895] <... chdir resumed>) = 0 [pid 6893] munmap(0x7f7017800000, 138412032 [pid 6895] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6894] write(3, "1000", 4 [pid 6891] <... ioctl resumed>) = 0 [pid 6895] <... prctl resumed>) = 0 [pid 6891] close(3 [pid 6895] setpgid(0, 0 [pid 6894] <... write resumed>) = 4 [pid 6891] <... close resumed>) = 0 [pid 6895] <... setpgid resumed>) = 0 [pid 6894] close(3 [pid 6891] close(4 [pid 6895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6894] <... close resumed>) = 0 [pid 6891] <... close resumed>) = 0 [pid 6895] <... openat resumed>) = 3 [pid 6894] symlink("/dev/binderfs", "./binderfs" [pid 6891] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6895] write(3, "1000", 4 [pid 6894] <... symlink resumed>) = 0 [pid 6891] <... mkdir resumed>) = 0 [pid 6890] <... mount resumed>) = 0 [pid 6895] <... write resumed>) = 4 [pid 6893] <... munmap resumed>) = 0 [pid 6891] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6890] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6895] close(3 [pid 6893] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6890] <... openat resumed>) = 3 [pid 6895] <... close resumed>) = 0 [pid 6893] <... openat resumed>) = 4 [ 429.995660][ T6891] loop4: detected capacity change from 0 to 4096 [pid 6890] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6893] ioctl(4, LOOP_SET_FD, 3 [pid 6890] <... chdir resumed>) = 0 executing program executing program [pid 6895] symlink("/dev/binderfs", "./binderfs" [pid 6894] write(1, "executing program\n", 18 [pid 6890] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6895] <... symlink resumed>) = 0 [pid 6890] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] write(1, "executing program\n", 18 [pid 6894] <... write resumed>) = 18 [pid 6890] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6894] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... write resumed>) = 18 [pid 6894] <... futex resumed>) = 0 [pid 6894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6895] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6894] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6895] <... mmap resumed>) = 0x7f701fcf4000 [pid 6895] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6894] <... mprotect resumed>) = 0 [pid 6895] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6894] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6895] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6896 attached [pid 6894] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6894] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6895] <... clone3 resumed> => {parent_tid=[187]}, 88) = 187 ./strace-static-x86_64: Process 6897 attached [pid 6896] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6895] rt_sigprocmask(SIG_SETMASK, [], [pid 6890] <... openat resumed>) = 4 [pid 6896] <... rseq resumed>) = 0 [pid 6895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6896] set_robust_list(0x7f701fd149a0, 24 [pid 6895] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] <... set_robust_list resumed>) = 0 [pid 6895] <... futex resumed>) = 0 [pid 6896] rt_sigprocmask(SIG_SETMASK, [], [pid 6895] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6893] <... ioctl resumed>) = 0 [pid 6890] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6896] memfd_create("syzkaller", 0 [pid 6893] close(3 [pid 6890] <... futex resumed>) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6893] <... close resumed>) = 0 [pid 6890] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6888] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] close(4 [pid 6890] <... openat resumed>) = 5 [pid 6888] <... futex resumed>) = 0 [pid 6893] <... close resumed>) = 0 [pid 6888] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6894] <... clone3 resumed> => {parent_tid=[183]}, 88) = 183 [pid 6893] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6894] rt_sigprocmask(SIG_SETMASK, [], [pid 6893] <... mkdir resumed>) = 0 [pid 6896] <... memfd_create resumed>) = 3 [pid 6893] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6890] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6890] <... futex resumed>) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6897] <... rseq resumed>) = 0 [pid 6896] <... mmap resumed>) = 0x7f7017800000 [pid 6894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6890] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] set_robust_list(0x7f701fd149a0, 24 [pid 6894] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] <... futex resumed>) = 0 [pid 6897] <... set_robust_list resumed>) = 0 [pid 6897] rt_sigprocmask(SIG_SETMASK, [], [pid 6894] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6888] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6890] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6890] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] memfd_create("syzkaller", 0 [ 430.050550][ T6893] loop1: detected capacity change from 0 to 4096 [pid 6890] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6897] <... memfd_create resumed>) = 3 [pid 6890] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6888] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6890] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6890] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6888] <... futex resumed>) = 0 [pid 6888] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6888] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6890] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6896] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6891] <... mount resumed>) = 0 [pid 6891] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6891] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6891] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6891] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6889] <... futex resumed>) = 0 [pid 6891] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6889] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6889] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6891] <... openat resumed>) = 4 [pid 6891] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6891] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] <... futex resumed>) = 0 [pid 6889] <... futex resumed>) = 1 [pid 6891] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6889] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] <... openat resumed>) = 5 [pid 6891] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6891] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] <... futex resumed>) = 0 [pid 6889] <... futex resumed>) = 1 [pid 6891] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6889] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] <... write resumed>) = 1116 [pid 6891] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6889] <... futex resumed>) = 0 [pid 6893] <... mount resumed>) = 0 [pid 6893] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6893] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6891] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6891] <... futex resumed>) = 0 [pid 6889] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6893] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6891] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6889] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6893] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6889] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6891] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6889] <... futex resumed>) = 0 [pid 6889] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] <... futex resumed>) = 1 [pid 6892] <... futex resumed>) = 0 [pid 6891] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6889] <... futex resumed>) = 0 [pid 6896] <... write resumed>) = 2097152 [pid 6893] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6892] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6892] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... write resumed>) = 2097152 [pid 6897] munmap(0x7f7017800000, 138412032 [pid 6896] munmap(0x7f7017800000, 138412032 [pid 6893] <... openat resumed>) = 4 [pid 6897] <... munmap resumed>) = 0 [pid 6893] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6892] <... futex resumed>) = 0 [pid 6892] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6892] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6896] <... munmap resumed>) = 0 [pid 6893] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6897] <... openat resumed>) = 4 [pid 6897] ioctl(4, LOOP_SET_FD, 3 [pid 6896] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6896] ioctl(4, LOOP_SET_FD, 3 [pid 6893] <... openat resumed>) = 5 [pid 6897] <... ioctl resumed>) = 0 [pid 6893] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] close(3 [pid 6893] <... futex resumed>) = 1 [pid 6893] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6892] <... futex resumed>) = 0 [pid 6892] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] <... futex resumed>) = 0 [pid 6892] <... futex resumed>) = 1 [pid 6893] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6893] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6893] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6892] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6892] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] <... futex resumed>) = 0 [pid 6892] <... futex resumed>) = 1 [pid 6893] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6892] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6893] <... mmap resumed>) = 0x200000000000 [pid 6893] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6893] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6892] <... futex resumed>) = 0 [pid 6892] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6893] <... futex resumed>) = 0 [pid 6893] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6893] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6892] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6893] <... futex resumed>) = 0 [pid 6892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] <... close resumed>) = 0 [pid 6893] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6892] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6892] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 430.374808][ T6897] loop0: detected capacity change from 0 to 4096 [ 430.375671][ T6896] loop2: detected capacity change from 0 to 4096 [pid 6893] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6896] <... ioctl resumed>) = 0 [pid 6897] close(4) = 0 [pid 6897] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6896] close(3) = 0 [pid 6896] close(4 [pid 6897] <... mkdir resumed>) = 0 [pid 6896] <... close resumed>) = 0 [pid 6897] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6896] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6896] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6888] <... futex resumed>) = ? [pid 6890] +++ killed by SIGSEGV (core dumped) +++ [pid 6888] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=184, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6896] <... mount resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 6896] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] newfstatat(3, "", [pid 6896] <... openat resumed>) = 3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 6896] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6896] <... chdir resumed>) = 0 [pid 6896] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6896] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6896] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6895] <... futex resumed>) = 0 [pid 6895] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] <... futex resumed>) = 0 [pid 6896] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6895] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... mount resumed>) = 0 [pid 6897] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6897] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6896] <... openat resumed>) = 4 [pid 6897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6896] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6895] <... futex resumed>) = 0 [pid 6895] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] <... futex resumed>) = 0 [pid 6895] <... futex resumed>) = 1 [pid 6897] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6897] <... futex resumed>) = 1 [pid 6895] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = 0 [pid 6896] <... openat resumed>) = 5 [pid 6894] <... futex resumed>) = 1 [pid 6897] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6894] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6896] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6895] <... futex resumed>) = 0 [pid 6895] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6896] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6896] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6895] <... futex resumed>) = 0 [pid 6895] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6896] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6896] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... openat resumed>) = 4 [pid 6896] <... futex resumed>) = 1 [pid 6895] <... futex resumed>) = 0 [pid 6895] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6896] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6896] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6895] <... futex resumed>) = 0 [pid 6897] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6895] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... futex resumed>) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6897] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6897] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6894] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... write resumed>) = 1116 [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] <... futex resumed>) = 0 [pid 6897] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... futex resumed>) = 0 [pid 6894] <... futex resumed>) = 1 [pid 6897] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6894] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] <... futex resumed>) = 0 [pid 6894] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6897] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6897] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6897] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6894] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6894] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6897] <... futex resumed>) = 0 [pid 6897] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./88/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./88") = 0 [pid 5871] mkdir("./89", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6891] +++ killed by SIGSEGV (core dumped) +++ [pid 6889] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=184, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 186 ./strace-static-x86_64: Process 6898 attached [pid 6892] <... futex resumed>) = ? [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6898] set_robust_list(0x55557616a6a0, 24 [pid 6893] +++ killed by SIGSEGV (core dumped) +++ [pid 6892] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6898] <... set_robust_list resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=190, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 6898] chdir("./89") = 0 [pid 5870] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6898] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6898] <... prctl resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6898] setpgid(0, 0 [pid 5870] <... openat resumed>) = 3 [pid 6898] <... setpgid resumed>) = 0 [pid 6898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] newfstatat(3, "", [pid 6898] write(3, "1000", 4 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6898] <... write resumed>) = 4 [pid 6898] close(3 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6898] <... close resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6898] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6898] write(1, "executing program\n", 18) = 18 [pid 6898] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6898] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6899 attached => {parent_tid=[187]}, 88) = 187 [pid 6898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6898] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6898] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6899] <... rseq resumed>) = 0 [pid 6895] <... futex resumed>) = ? [pid 6899] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6899] memfd_create("syzkaller", 0 [pid 6896] +++ killed by SIGSEGV (core dumped) +++ [pid 6895] +++ killed by SIGSEGV (core dumped) +++ [pid 6899] <... memfd_create resumed>) = 3 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=186, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 6899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6897] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", [pid 6894] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=182, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=25 /* 0.25 s */} --- [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5869] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5870] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6899] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] unlink("./88/binderfs" [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./88") = 0 [pid 5870] mkdir("./89", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... close resumed>) = 0 [pid 5872] getdents64(4, [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(4 [pid 5868] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] <... rmdir resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./88/binderfs", [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6899] <... write resumed>) = 2097152 [pid 5872] unlink("./88/binderfs" [pid 6899] munmap(0x7f7017800000, 138412032 [pid 5872] <... unlink resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, [pid 5872] getdents64(3, [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6900 attached [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6900] set_robust_list(0x55557616a6a0, 24 [pid 5872] close(3 [pid 5868] close(4 [pid 6900] <... set_robust_list resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./88" [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] <... close resumed>) = 0 [pid 6900] chdir("./89") = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] rmdir("\x2e\x2f\x38\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6900] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] mkdir("./89", 0777 [pid 6900] <... prctl resumed>) = 0 [pid 6900] setpgid(0, 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 192 [pid 5869] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... rmdir resumed>) = 0 [pid 6900] <... setpgid resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(4, "", [pid 5872] <... openat resumed>) = 3 [pid 5868] newfstatat(AT_FDCWD, "./88/binderfs", [pid 6900] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6900] write(3, "1000", 4 [pid 5872] <... ioctl resumed>) = 0 [pid 5869] getdents64(4, [pid 6900] <... write resumed>) = 4 [pid 5872] close(3 [pid 5868] unlink("./88/binderfs" [pid 6900] close(3 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 5868] <... unlink resumed>) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] getdents64(3, [pid 5869] close(4 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] close(3 [pid 5869] rmdir("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] <... close resumed>) = 0 [pid 5869] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] rmdir("./88" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... rmdir resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5868] mkdir("./89", 0777 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5869] unlink("./89/binderfs" [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5869] getdents64(3, [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6900] <... close resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 6900] symlink("/dev/binderfs", "./binderfs" [pid 5868] close(3 [pid 6900] <... symlink resumed>) = 0 [pid 6899] <... munmap resumed>) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./89") = 0 [pid 5869] mkdir("./90", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6900] write(1, "executing program\n", 18 [pid 6899] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... ioctl resumed>) = 0 executing program [pid 6900] <... write resumed>) = 18 [pid 6899] <... openat resumed>) = 4 [pid 5869] close(3 [pid 6900] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] ioctl(4, LOOP_SET_FD, 3 [pid 6900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6899] <... ioctl resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 6900] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6900] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6901 attached [pid 6900] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6899] close(3 [pid 5868] <... close resumed>) = 0 [pid 6901] set_robust_list(0x55557616a6a0, 24 [pid 6900] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6899] <... close resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 186 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6901] <... set_robust_list resumed>) = 0 [pid 6900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6899] close(4./strace-static-x86_64: Process 6902 attached [pid 6901] chdir("./89" [pid 6900] <... clone3 resumed> => {parent_tid=[193]}, 88) = 193 [pid 6902] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6900] rt_sigprocmask(SIG_SETMASK, [], [pid 6899] <... close resumed>) = 0 [pid 6900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6901] <... chdir resumed>) = 0 [pid 6900] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6900] <... futex resumed>) = 0 [pid 6902] <... rseq resumed>) = 0 [pid 6900] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6903 attached [pid 6901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6899] <... mkdir resumed>) = 0 [pid 6901] <... prctl resumed>) = 0 [pid 6899] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6901] setpgid(0, 0 [pid 6903] set_robust_list(0x55557616a6a0, 24 [pid 6902] set_robust_list(0x7f701fd149a0, 24 [pid 6901] <... setpgid resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 184 [pid 6903] <... set_robust_list resumed>) = 0 [pid 6902] <... set_robust_list resumed>) = 0 [pid 6902] rt_sigprocmask(SIG_SETMASK, [], [pid 6901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6903] chdir("./89" [pid 6902] memfd_create("syzkaller", 0 [pid 6901] <... openat resumed>) = 3 [pid 6903] <... chdir resumed>) = 0 [pid 6903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6903] setpgid(0, 0) = 0 [pid 6903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6902] <... memfd_create resumed>) = 3 [pid 6902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6903] <... openat resumed>) = 3 [pid 6903] write(3, "1000", 4 [pid 6901] write(3, "1000", 4) = 4 [pid 6903] <... write resumed>) = 4 [pid 6901] close(3executing program [pid 6903] close(3) = 0 [pid 6903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6903] write(1, "executing program\n", 18) = 18 [pid 6903] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 431.258523][ T6899] loop3: detected capacity change from 0 to 4096 [pid 6903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6901] <... close resumed>) = 0 [pid 6901] symlink("/dev/binderfs", "./binderfs" [pid 6903] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6901] <... symlink resumed>) = 0 [pid 6903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[185]}, 88) = 185 [pid 6903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6903] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] write(1, "executing program\n", 18 [pid 6903] <... futex resumed>) = 0 [pid 6903] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6904 attached executing program [pid 6904] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5869] <... close resumed>) = 0 [pid 6901] <... write resumed>) = 18 [pid 6904] <... rseq resumed>) = 0 [pid 6904] set_robust_list(0x7f701fd149a0, 24 [pid 6901] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] <... set_robust_list resumed>) = 0 [pid 6904] rt_sigprocmask(SIG_SETMASK, [], [pid 6901] <... futex resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6901] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6905 attached ) = 0 [pid 6905] set_robust_list(0x55557616a6a0, 24 [pid 6904] memfd_create("syzkaller", 0 [pid 6905] <... set_robust_list resumed>) = 0 [pid 6904] <... memfd_create resumed>) = 3 [pid 6905] chdir("./90" [pid 6904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6905] <... chdir resumed>) = 0 [pid 6901] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6905] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 188 [pid 6905] <... prctl resumed>) = 0 [pid 6905] setpgid(0, 0) = 0 [pid 6905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6905] write(3, "1000", 4) = 4 [pid 6901] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6905] close(3) = 0 [pid 6901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6905] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6905] write(1, "executing program\n", 18./strace-static-x86_64: Process 6906 attached [pid 6901] <... clone3 resumed> => {parent_tid=[187]}, 88) = 187 [pid 6905] <... write resumed>) = 18 [pid 6901] rt_sigprocmask(SIG_SETMASK, [], [pid 6905] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6905] <... futex resumed>) = 0 [pid 6901] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6906] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6901] <... futex resumed>) = 0 [pid 6905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6901] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6905] <... mmap resumed>) = 0x7f701fcf4000 [pid 6906] <... rseq resumed>) = 0 [pid 6905] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6905] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6906] set_robust_list(0x7f701fd149a0, 24 [pid 6905] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6907 attached [pid 6906] <... set_robust_list resumed>) = 0 [pid 6906] rt_sigprocmask(SIG_SETMASK, [], [pid 6905] <... clone3 resumed> => {parent_tid=[189]}, 88) = 189 [pid 6906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6905] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6907] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6906] memfd_create("syzkaller", 0 [pid 6907] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6906] <... memfd_create resumed>) = 3 [pid 6907] memfd_create("syzkaller", 0 [pid 6906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6907] <... memfd_create resumed>) = 3 [pid 6904] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6902] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6899] <... mount resumed>) = 0 [pid 6907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6906] <... mmap resumed>) = 0x7f7017800000 [pid 6899] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6899] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6899] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6899] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6899] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6898] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] <... futex resumed>) = 0 [pid 6899] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6899] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6899] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6898] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = 0 [pid 6898] <... futex resumed>) = 1 [pid 6899] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6898] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] <... openat resumed>) = 5 [pid 6904] <... write resumed>) = 2097152 [pid 6899] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6899] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6898] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6898] <... futex resumed>) = 0 [pid 6907] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6906] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6902] <... write resumed>) = 2097152 [pid 6899] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6898] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] <... write resumed>) = 1116 [pid 6902] munmap(0x7f7017800000, 138412032 [pid 6904] munmap(0x7f7017800000, 138412032 [pid 6899] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6899] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6898] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6898] <... futex resumed>) = 0 [pid 6899] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6898] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] <... mmap resumed>) = 0x200000000000 [pid 6899] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6898] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6902] <... munmap resumed>) = 0 [pid 6902] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6899] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6899] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6902] <... openat resumed>) = 4 [pid 6899] <... futex resumed>) = 1 [pid 6898] <... futex resumed>) = 0 [pid 6904] <... munmap resumed>) = 0 [pid 6902] ioctl(4, LOOP_SET_FD, 3 [pid 6899] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6898] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6898] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6899] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6904] <... openat resumed>) = 4 [pid 6904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6902] <... ioctl resumed>) = 0 [pid 6902] close(3) = 0 [pid 6902] close(4) = 0 [pid 6902] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6902] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6907] <... write resumed>) = 2097152 [pid 6904] close(3) = 0 [pid 6904] close(4) = 0 [pid 6904] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6904] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6906] <... write resumed>) = 2097152 [ 431.549094][ T6902] loop1: detected capacity change from 0 to 4096 [ 431.570289][ T6904] loop0: detected capacity change from 0 to 4096 [pid 6907] munmap(0x7f7017800000, 138412032) = 0 [pid 6906] munmap(0x7f7017800000, 138412032 [pid 6907] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6907] ioctl(4, LOOP_SET_FD, 3 [pid 6906] <... munmap resumed>) = 0 [pid 6906] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6906] ioctl(4, LOOP_SET_FD, 3 [pid 6907] <... ioctl resumed>) = 0 [pid 6902] <... mount resumed>) = 0 [pid 6907] close(3 [pid 6902] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6907] <... close resumed>) = 0 [pid 6902] <... openat resumed>) = 3 [pid 6907] close(4 [pid 6902] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6902] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6907] <... close resumed>) = 0 [pid 6902] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6902] <... futex resumed>) = 1 [pid 6907] <... mkdir resumed>) = 0 [pid 6902] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6907] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6900] <... futex resumed>) = 0 [pid 6902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6900] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6902] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6900] <... futex resumed>) = 0 [pid 6900] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... ioctl resumed>) = 0 [pid 6906] close(3) = 0 [pid 6906] close(4) = 0 [pid 6906] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6902] <... openat resumed>) = 4 [ 431.645331][ T6907] loop2: detected capacity change from 0 to 4096 [ 431.672719][ T6906] loop4: detected capacity change from 0 to 4096 [pid 6906] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6902] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6900] <... futex resumed>) = 0 [pid 6900] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6902] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6900] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] <... mount resumed>) = 0 [pid 6902] <... openat resumed>) = 5 [pid 6904] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6902] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6900] <... futex resumed>) = 0 [pid 6900] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6904] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6902] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6900] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] <... chdir resumed>) = 0 [pid 6904] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6902] <... write resumed>) = 1116 [pid 6904] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6902] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6900] <... futex resumed>) = 0 [pid 6902] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6900] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6900] <... futex resumed>) = 0 [pid 6902] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6900] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6902] <... mmap resumed>) = 0x200000000000 [pid 6904] <... futex resumed>) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6904] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6903] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6902] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6903] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6902] <... futex resumed>) = 1 [pid 6900] <... futex resumed>) = 0 [pid 6902] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6900] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6900] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6904] <... openat resumed>) = 4 [pid 6902] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6904] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6902] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6904] <... futex resumed>) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6904] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6903] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] <... openat resumed>) = 5 [pid 6903] <... futex resumed>) = 0 [pid 6902] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6903] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6902] <... futex resumed>) = 1 [pid 6902] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6900] <... futex resumed>) = 0 [pid 6904] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6902] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6900] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] <... futex resumed>) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6902] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6900] <... futex resumed>) = 0 [pid 6903] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6903] <... futex resumed>) = 0 [pid 6904] <... write resumed>) = 1116 [pid 6903] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6903] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] <... futex resumed>) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6903] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6904] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6903] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6903] <... futex resumed>) = 0 [pid 6904] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6903] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6904] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6903] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6907] <... mount resumed>) = 0 [pid 6907] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6907] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6907] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6907] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] <... openat resumed>) = 4 [pid 6907] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6907] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6907] <... futex resumed>) = 0 [pid 6907] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6905] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] <... openat resumed>) = 5 [pid 6906] <... mount resumed>) = 0 [pid 6906] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6906] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6907] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6906] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6907] <... futex resumed>) = 1 [pid 6906] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6905] <... futex resumed>) = 0 [pid 6906] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6905] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6906] <... futex resumed>) = 1 [pid 6905] <... futex resumed>) = 0 [pid 6907] <... write resumed>) = 1116 [pid 6906] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6905] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6907] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6905] <... futex resumed>) = 0 [pid 6907] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6905] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6905] <... futex resumed>) = 0 [pid 6901] <... futex resumed>) = 0 [pid 6905] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6901] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6905] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 0 [pid 6901] <... futex resumed>) = 1 [pid 6907] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6901] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... openat resumed>) = 4 [pid 6906] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6901] <... futex resumed>) = 0 [pid 6901] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6906] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6901] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... openat resumed>) = 5 [pid 6906] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6901] <... futex resumed>) = 0 [pid 6906] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6901] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6906] <... write resumed>) = 1116 [pid 6901] <... futex resumed>) = 0 [pid 6906] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 0 [pid 6901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6906] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6901] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6906] <... mmap resumed>) = 0x200000000000 [pid 6901] <... futex resumed>) = 0 [pid 6901] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6901] <... futex resumed>) = 0 [pid 6906] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6901] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6906] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6901] <... futex resumed>) = 0 [pid 6906] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 0 [pid 6901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6906] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6901] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6898] <... futex resumed>) = ? [pid 6899] +++ killed by SIGSEGV (core dumped) +++ [pid 6898] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=186, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5871] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6904] +++ killed by SIGSEGV (core dumped) +++ [pid 6903] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=184, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5868] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = 0 [pid 6902] +++ killed by SIGSEGV (core dumped) +++ [pid 6900] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=192, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5871] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... restart_syscall resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5870] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] newfstatat(4, "", [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] getdents64(4, [pid 5870] newfstatat(3, "", [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, [pid 5871] <... close resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] rmdir("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5870] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./89/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./89") = 0 [pid 5871] mkdir("./90", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6905] <... futex resumed>) = ? [pid 6901] <... futex resumed>) = ? [pid 6906] +++ killed by SIGSEGV (core dumped) +++ [pid 6901] +++ killed by SIGSEGV (core dumped) +++ [pid 6907] +++ killed by SIGSEGV (core dumped) +++ [pid 6905] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=186, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=188, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 5872] <... restart_syscall resumed>) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5872] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 188 ./strace-static-x86_64: Process 6908 attached [pid 6908] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6908] chdir("./90") = 0 [pid 6908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6908] setpgid(0, 0 [pid 5872] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 6908] <... setpgid resumed>) = 0 [pid 5872] newfstatat(3, "", [pid 5869] newfstatat(3, "", [pid 6908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6908] <... openat resumed>) = 3 [pid 5872] getdents64(3, [pid 5869] getdents64(3, [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6908] write(3, "1000", 4) = 4 [pid 6908] close(3) = 0 [pid 6908] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6908] write(1, "executing program\n", 18) = 18 [pid 6908] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6908] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[189]}, 88) = 189 [pid 6908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6908] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6909 attached [pid 6909] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6909] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6909] memfd_create("syzkaller", 0 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6909] <... memfd_create resumed>) = 3 [pid 5870] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 6909] <... mmap resumed>) = 0x7f7017800000 [pid 5868] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] <... rmdir resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./89/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] rmdir("./89") = 0 [pid 5870] mkdir("./90", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 5872] <... umount2 resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6909] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] getdents64(4, [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] close(4 [pid 5870] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] rmdir("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... rmdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... openat resumed>) = 4 [pid 5872] <... openat resumed>) = 4 [pid 5868] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5872] newfstatat(4, "", [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] newfstatat(4, "", [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] unlink("./89/binderfs" [pid 5872] getdents64(4, [pid 5869] getdents64(4, ./strace-static-x86_64: Process 6910 attached [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... unlink resumed>) = 0 [pid 6910] set_robust_list(0x55557616a6a0, 24 [pid 5872] getdents64(4, [pid 5869] getdents64(4, [pid 5868] getdents64(3, [pid 6910] <... set_robust_list resumed>) = 0 [pid 6909] <... write resumed>) = 2097152 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 194 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6910] chdir("./90" [pid 6909] munmap(0x7f7017800000, 138412032 [pid 5872] close(4 [pid 5869] close(4 [pid 5868] close(3 [pid 6910] <... chdir resumed>) = 0 [pid 6909] <... munmap resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x38\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] rmdir("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6910] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] <... rmdir resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] rmdir("./89" [pid 6910] <... prctl resumed>) = 0 [pid 5872] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6910] setpgid(0, 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... rmdir resumed>) = 0 [pid 6910] <... setpgid resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5869] newfstatat(AT_FDCWD, "./90/binderfs", [pid 6910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] mkdir("./90", 0777 [pid 6910] <... openat resumed>) = 3 [pid 5872] unlink("./89/binderfs" [pid 5869] unlink("./90/binderfs" [pid 6910] write(3, "1000", 4 [pid 5872] <... unlink resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 6910] <... write resumed>) = 4 [pid 5872] getdents64(3, [pid 5869] getdents64(3, [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6910] close(3 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6910] <... close resumed>) = 0 [pid 5872] close(3 [pid 5869] close(3 [pid 6910] symlink("/dev/binderfs", "./binderfs" [pid 5872] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6910] <... symlink resumed>) = 0 [pid 5872] rmdir("./89" [pid 5869] rmdir("./90" [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6910] write(1, "executing program\n", 18executing program [pid 5872] <... rmdir resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6910] <... write resumed>) = 18 [pid 5869] mkdir("./91", 0777 [pid 5868] <... ioctl resumed>) = 0 [pid 6910] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] mkdir("./90", 0777 [pid 5869] <... mkdir resumed>) = 0 [pid 6910] <... futex resumed>) = 0 [pid 6909] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] close(3 [pid 6910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6909] <... openat resumed>) = 4 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... openat resumed>) = 3 [pid 6910] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6910] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6909] ioctl(4, LOOP_SET_FD, 3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5869] <... ioctl resumed>) = 0 [pid 6910] <... mprotect resumed>) = 0 [pid 5869] close(3 [pid 6910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[195]}, 88) = 195 [pid 6910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6910] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3./strace-static-x86_64: Process 6911 attached [pid 6911] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6911] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6911] memfd_create("syzkaller", 0 [pid 6909] <... ioctl resumed>) = 0 [pid 6911] <... memfd_create resumed>) = 3 [pid 6911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6909] close(3 [pid 6911] <... mmap resumed>) = 0x7f7017800000 [pid 6909] <... close resumed>) = 0 [pid 6909] close(4) = 0 [pid 6909] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6909] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] <... close resumed>) = 0 [ 432.692251][ T6909] loop3: detected capacity change from 0 to 4096 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... close resumed>) = 0 ./strace-static-x86_64: Process 6912 attached [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... close resumed>) = 0 [pid 6912] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 186 [pid 6912] <... set_robust_list resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6913 attached [pid 6912] chdir("./90" [pid 6913] set_robust_list(0x55557616a6a0, 24 [pid 6912] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6914 attached [pid 6913] <... set_robust_list resumed>) = 0 [pid 6912] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 190 [pid 6914] set_robust_list(0x55557616a6a0, 24 [pid 6913] chdir("./91" [pid 6912] <... prctl resumed>) = 0 [pid 6914] <... set_robust_list resumed>) = 0 [pid 6914] chdir("./90") = 0 [pid 6914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6912] setpgid(0, 0 [pid 6914] setpgid(0, 0 [pid 6912] <... setpgid resumed>) = 0 [pid 6914] <... setpgid resumed>) = 0 [pid 6914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6913] <... chdir resumed>) = 0 [pid 6912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 188 [pid 6914] <... openat resumed>) = 3 [pid 6913] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6912] <... openat resumed>) = 3 [pid 6913] <... prctl resumed>) = 0 [pid 6912] write(3, "1000", 4 [pid 6914] write(3, "1000", 4 [pid 6913] setpgid(0, 0 [pid 6912] <... write resumed>) = 4 [pid 6914] <... write resumed>) = 4 [pid 6913] <... setpgid resumed>) = 0 [pid 6912] close(3 [pid 6914] close(3 [pid 6912] <... close resumed>) = 0 [pid 6914] <... close resumed>) = 0 [pid 6913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6912] symlink("/dev/binderfs", "./binderfs" [pid 6914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6912] <... symlink resumed>) = 0 [pid 6914] write(1, "executing program\n", 18executing program [pid 6912] write(1, "executing program\n", 18 [pid 6913] <... openat resumed>) = 3 executing program [pid 6912] <... write resumed>) = 18 [pid 6914] <... write resumed>) = 18 [pid 6913] write(3, "1000", 4 [pid 6912] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6914] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... write resumed>) = 4 [pid 6912] <... futex resumed>) = 0 [pid 6912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6913] close(3 [pid 6914] <... futex resumed>) = 0 [pid 6912] <... mmap resumed>) = 0x7f701fcf4000 [pid 6914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6914] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6912] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[189]}, 88) = 189 [pid 6914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6914] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6915 attached [pid 6915] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6913] <... close resumed>) = 0 [pid 6915] <... rseq resumed>) = 0 [pid 6915] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6913] symlink("/dev/binderfs", "./binderfs" [pid 6912] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6913] <... symlink resumed>) = 0 executing program [pid 6913] write(1, "executing program\n", 18 [pid 6912] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6909] <... mount resumed>) = 0 [pid 6915] memfd_create("syzkaller", 0 [pid 6912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6909] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6913] <... write resumed>) = 18 ./strace-static-x86_64: Process 6916 attached [pid 6913] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] <... openat resumed>) = 3 [pid 6916] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6915] <... memfd_create resumed>) = 3 [pid 6913] <... futex resumed>) = 0 [pid 6912] <... clone3 resumed> => {parent_tid=[187]}, 88) = 187 [pid 6909] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6916] <... rseq resumed>) = 0 [pid 6915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6912] rt_sigprocmask(SIG_SETMASK, [], [pid 6909] <... chdir resumed>) = 0 [pid 6909] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6916] set_robust_list(0x7f701fd149a0, 24 [pid 6913] <... mmap resumed>) = 0x7f701fcf4000 [pid 6912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6916] <... set_robust_list resumed>) = 0 [pid 6913] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6912] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... mmap resumed>) = 0x7f7017800000 [pid 6913] <... mprotect resumed>) = 0 [pid 6916] rt_sigprocmask(SIG_SETMASK, [], [pid 6912] <... futex resumed>) = 0 [pid 6916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6912] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6909] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6916] memfd_create("syzkaller", 0 [pid 6909] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6909] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6908] <... futex resumed>) = 0 [pid 6913] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6908] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] <... memfd_create resumed>) = 3 [pid 6916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6908] <... futex resumed>) = 1 [pid 6909] <... futex resumed>) = 0 [pid 6909] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6916] <... mmap resumed>) = 0x7f7017800000 [pid 6913] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6908] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6911] <... write resumed>) = 2097152 [pid 6911] munmap(0x7f7017800000, 138412032 [pid 6909] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6917 attached [pid 6913] <... clone3 resumed> => {parent_tid=[191]}, 88) = 191 [pid 6911] <... munmap resumed>) = 0 [pid 6909] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], [pid 6909] <... futex resumed>) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6909] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6908] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... rseq resumed>) = 0 [pid 6915] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6909] <... openat resumed>) = 5 [pid 6908] <... futex resumed>) = 0 [pid 6917] set_robust_list(0x7f701fd149a0, 24 [pid 6913] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... set_robust_list resumed>) = 0 [pid 6917] rt_sigprocmask(SIG_SETMASK, [], [pid 6913] <... futex resumed>) = 0 [pid 6917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6913] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6908] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] memfd_create("syzkaller", 0 [pid 6909] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6911] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6909] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6908] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... openat resumed>) = 4 [pid 6909] <... write resumed>) = 1116 [pid 6908] <... futex resumed>) = 0 [pid 6911] ioctl(4, LOOP_SET_FD, 3 [pid 6909] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6908] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... memfd_create resumed>) = 3 [pid 6909] <... futex resumed>) = 0 [pid 6908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6908] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6909] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6917] <... mmap resumed>) = 0x7f7017800000 [pid 6909] <... mmap resumed>) = 0x200000000000 [pid 6909] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6908] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6909] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6916] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6909] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6911] <... ioctl resumed>) = 0 [pid 6909] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6908] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6909] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6908] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 432.933304][ T6911] loop1: detected capacity change from 0 to 4096 [pid 6911] close(3) = 0 [pid 6911] close(4) = 0 [pid 6911] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6911] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6917] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6915] <... write resumed>) = 2097152 [pid 6915] munmap(0x7f7017800000, 138412032) = 0 [pid 6916] <... write resumed>) = 2097152 [pid 6916] munmap(0x7f7017800000, 138412032 [pid 6915] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6915] ioctl(4, LOOP_SET_FD, 3 [pid 6916] <... munmap resumed>) = 0 [pid 6911] <... mount resumed>) = 0 [pid 6911] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6911] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6911] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6916] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6911] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6916] <... openat resumed>) = 4 [pid 6911] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] ioctl(4, LOOP_SET_FD, 3 [pid 6911] <... futex resumed>) = 1 [pid 6910] <... futex resumed>) = 0 [pid 6911] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6910] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = 0 [pid 6910] <... futex resumed>) = 1 [pid 6911] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6917] <... write resumed>) = 2097152 [pid 6911] <... openat resumed>) = 4 [pid 6910] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6911] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6911] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6910] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... ioctl resumed>) = 0 [pid 6911] <... futex resumed>) = 0 [pid 6910] <... futex resumed>) = 1 [pid 6915] close(3 [pid 6911] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6910] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... close resumed>) = 0 [pid 6915] close(4) = 0 [pid 6915] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6915] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6916] <... ioctl resumed>) = 0 [pid 6916] close(3) = 0 [pid 6916] close(4) = 0 [pid 6916] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6916] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 433.100623][ T6915] loop4: detected capacity change from 0 to 4096 [ 433.132031][ T6916] loop0: detected capacity change from 0 to 4096 [pid 6917] munmap(0x7f7017800000, 138412032) = 0 [pid 6911] <... openat resumed>) = 5 [pid 6917] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6911] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... openat resumed>) = 4 [pid 6911] <... futex resumed>) = 1 [pid 6910] <... futex resumed>) = 0 [pid 6910] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6910] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] ioctl(4, LOOP_SET_FD, 3 [pid 6911] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6911] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6910] <... futex resumed>) = 0 [pid 6911] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6910] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6910] <... futex resumed>) = 0 [pid 6910] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6911] <... mmap resumed>) = 0x200000000000 [pid 6911] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6910] <... futex resumed>) = 0 [pid 6911] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6917] <... ioctl resumed>) = 0 [pid 6910] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6911] <... futex resumed>) = 0 [pid 6910] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] close(3 [pid 6911] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6917] <... close resumed>) = 0 [pid 6917] close(4 [pid 6911] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6917] <... close resumed>) = 0 [pid 6911] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6911] <... futex resumed>) = 1 [pid 6910] <... futex resumed>) = 0 [pid 6917] <... mkdir resumed>) = 0 [pid 6911] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6910] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6910] <... futex resumed>) = 0 [pid 6911] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [ 433.195928][ T6917] loop2: detected capacity change from 0 to 4096 [pid 6910] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] <... mount resumed>) = 0 [pid 6916] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6916] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6916] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6912] <... futex resumed>) = 0 [pid 6916] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6912] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] <... futex resumed>) = 0 [pid 6916] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6912] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6908] <... futex resumed>) = ? [pid 6916] <... openat resumed>) = 4 [pid 6916] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6912] <... futex resumed>) = 0 [pid 6912] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] +++ killed by SIGSEGV (core dumped) +++ [pid 6908] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=188, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 6912] <... futex resumed>) = 1 [pid 6916] <... futex resumed>) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 6912] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6915] <... mount resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6915] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] <... openat resumed>) = 3 [pid 6916] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", [pid 6916] <... futex resumed>) = 1 [pid 6915] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6916] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6915] <... chdir resumed>) = 0 [pid 5871] getdents64(3, [pid 6915] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6915] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6912] <... futex resumed>) = 0 [pid 6915] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6914] <... futex resumed>) = 0 [pid 6912] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6917] <... mount resumed>) = 0 [pid 6917] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6917] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6912] <... futex resumed>) = 1 [pid 6917] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6917] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... futex resumed>) = 0 [pid 6916] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6916] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6916] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6915] <... openat resumed>) = 4 [pid 6915] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6914] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... futex resumed>) = 1 [pid 6915] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6915] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6914] <... futex resumed>) = 0 [pid 6915] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6914] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6913] <... futex resumed>) = 0 [pid 6912] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6914] <... futex resumed>) = 0 [pid 6913] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6914] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... futex resumed>) = 0 [pid 6913] <... futex resumed>) = 1 [pid 6912] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6916] <... futex resumed>) = 0 [pid 6913] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... futex resumed>) = 1 [pid 6917] <... openat resumed>) = 4 [pid 6912] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6915] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6917] <... futex resumed>) = 1 [pid 6916] <... mmap resumed>) = 0x200000000000 [pid 6913] <... futex resumed>) = 0 [pid 6917] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... write resumed>) = 1116 [pid 6913] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6916] <... futex resumed>) = 1 [pid 6913] <... futex resumed>) = 0 [pid 6912] <... futex resumed>) = 0 [pid 6917] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6916] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... openat resumed>) = 5 [pid 6916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6915] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] <... futex resumed>) = 0 [pid 6912] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6916] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6915] <... futex resumed>) = 1 [pid 6917] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6916] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6915] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6914] <... futex resumed>) = 0 [pid 6916] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6914] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] <... futex resumed>) = 0 [pid 6915] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6914] <... futex resumed>) = 0 [pid 6916] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6915] <... mmap resumed>) = 0x200000000000 [pid 6914] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6914] <... futex resumed>) = 0 [pid 6915] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6914] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = 0 [pid 6912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6915] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6914] <... futex resumed>) = 0 [pid 6915] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... futex resumed>) = 0 [pid 6914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6915] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6914] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] <... futex resumed>) = 0 [pid 6916] <... futex resumed>) = 0 [pid 6913] <... futex resumed>) = 1 [pid 6912] <... futex resumed>) = 1 [pid 6917] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6916] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6913] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] ???( [pid 6917] <... write resumed>) = 1116 [pid 6917] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6913] <... futex resumed>) = 0 [pid 6917] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6913] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6913] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6917] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6913] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6913] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... futex resumed>) = 1 [pid 6913] <... futex resumed>) = 0 [pid 6917] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6913] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 6917] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6917] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6913] <... futex resumed>) = 0 [pid 6917] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6913] ???( [pid 6910] <... futex resumed>) = ? [pid 6911] +++ killed by SIGSEGV (core dumped) +++ [pid 6910] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=194, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5871] <... umount2 resumed>) = 0 [pid 5870] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", [pid 5871] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] getdents64(3, [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./90/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./90") = 0 [pid 5871] mkdir("./91", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 190 ./strace-static-x86_64: Process 6918 attached [pid 6918] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6918] chdir("./91") = 0 [pid 6918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6918] setpgid(0, 0) = 0 [pid 6918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6918] write(3, "1000", 4) = 4 [pid 6918] close(3) = 0 [pid 6918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6918] write(1, "executing program\n", 18executing program ) = 18 [pid 6918] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6918] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6919 attached => {parent_tid=[191]}, 88) = 191 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6918] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6918] <... futex resumed>) = 0 [pid 6919] <... rseq resumed>) = 0 [pid 6918] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6919] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6919] memfd_create("syzkaller", 0 [pid 5870] <... umount2 resumed>) = 0 [pid 6919] <... memfd_create resumed>) = 3 [pid 5870] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6919] <... mmap resumed>) = 0x7f7017800000 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./90/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./90") = 0 [pid 5870] mkdir("./91", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 6913] <... ??? resumed>) = ? [pid 5870] <... close resumed>) = 0 [pid 6919] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6914] <... futex resumed>) = ? [pid 6912] <... ??? resumed>) = ? [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6917] +++ killed by SIGSEGV (core dumped) +++ [pid 6913] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=190, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- ./strace-static-x86_64: Process 6920 attached [pid 6915] +++ killed by SIGSEGV (core dumped) +++ [pid 6914] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=188, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 6920] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 196 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6920] chdir("./91" [pid 6916] +++ killed by SIGSEGV (core dumped) +++ [pid 6912] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=186, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [pid 6920] <... chdir resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(3, "", [pid 6920] <... prctl resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6920] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] getdents64(3, [pid 6920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] <... openat resumed>) = 3 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6920] write(3, "1000", 4 [pid 5872] newfstatat(3, "", [pid 5869] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6920] <... write resumed>) = 4 [pid 6920] close(3) = 0 [pid 6920] symlink("/dev/binderfs", "./binderfs" [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6920] <... symlink resumed>) = 0 executing program [pid 5868] <... restart_syscall resumed>) = 0 [pid 6920] write(1, "executing program\n", 18) = 18 [pid 6920] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6920] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6920] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] getdents64(3, [pid 6920] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6921 attached ) = 3 [pid 6920] <... clone3 resumed> => {parent_tid=[197]}, 88) = 197 [pid 6920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6920] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6921] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5868] newfstatat(3, "", [pid 6921] <... rseq resumed>) = 0 [pid 6921] set_robust_list(0x7f701fd149a0, 24 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6921] <... set_robust_list resumed>) = 0 [pid 6921] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6920] <... futex resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6920] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6921] memfd_create("syzkaller", 0) = 3 [pid 6919] <... write resumed>) = 2097152 [pid 6921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6919] munmap(0x7f7017800000, 138412032 [pid 6921] <... mmap resumed>) = 0x7f7017800000 [pid 6919] <... munmap resumed>) = 0 [pid 6919] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6919] close(3) = 0 [pid 6919] close(4) = 0 [pid 6919] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6919] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... umount2 resumed>) = 0 [pid 6921] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 434.104616][ T6919] loop3: detected capacity change from 0 to 4096 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5869] getdents64(4, [pid 5868] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./91/binderfs", [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./91/binderfs" [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... unlink resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] getdents64(4, [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] getdents64(3, [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] umount2("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] getdents64(4, [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] close(3 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... close resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] rmdir("./91" [pid 5872] <... openat resumed>) = 4 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] close(4 [pid 5872] newfstatat(4, "", [pid 5869] mkdir("./92", 0777 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... close resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... rmdir resumed>) = 0 [pid 5872] getdents64(4, [pid 5869] <... openat resumed>) = 3 [pid 5868] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] close(4 [pid 5868] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x39\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5872] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] close(3 [pid 6921] <... write resumed>) = 2097152 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] unlink("./90/binderfs" [pid 6921] munmap(0x7f7017800000, 138412032 [pid 5872] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5868] <... unlink resumed>) = 0 [pid 6921] <... munmap resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./90" [pid 5872] unlink("./90/binderfs" [pid 5868] <... rmdir resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 5868] mkdir("./91", 0777 [pid 5872] getdents64(3, [pid 5868] <... mkdir resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] close(3 [pid 5868] <... openat resumed>) = 3 [pid 5872] <... close resumed>) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5872] rmdir("./90" [pid 5868] <... ioctl resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5868] close(3 [pid 5872] mkdir("./91", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6919] <... mount resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6919] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6919] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6921] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6919] <... chdir resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 6921] <... openat resumed>) = 4 [pid 6921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6919] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6919] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6918] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5872] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6921] close(3) = 0 [pid 6921] close(4) = 0 [pid 6921] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 192 [pid 5868] <... close resumed>) = 0 [pid 6921] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"..../strace-static-x86_64: Process 6922 attached [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6919] <... openat resumed>) = 4 [pid 6922] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6922] chdir("./92" [pid 6919] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6918] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6918] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6922] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6923 attached [pid 6919] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6922] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 188 [pid 6922] <... prctl resumed>) = 0 [pid 6922] setpgid(0, 0 [pid 6923] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6922] <... setpgid resumed>) = 0 [pid 6923] chdir("./91" [pid 6922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6919] <... openat resumed>) = 5 [pid 6919] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6919] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6918] <... futex resumed>) = 0 [pid 6922] <... openat resumed>) = 3 [pid 6919] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6918] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6923] <... chdir resumed>) = 0 [pid 6922] write(3, "1000", 4 [pid 6923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6922] <... write resumed>) = 4 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6923] setpgid(0, 0 [pid 6922] close(3./strace-static-x86_64: Process 6924 attached [pid 6923] <... setpgid resumed>) = 0 [ 434.258698][ T6921] loop1: detected capacity change from 0 to 4096 executing program [pid 6923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6922] <... close resumed>) = 0 [pid 6922] symlink("/dev/binderfs", "./binderfs" [pid 6924] set_robust_list(0x55557616a6a0, 24 [pid 6922] <... symlink resumed>) = 0 [pid 6924] <... set_robust_list resumed>) = 0 [pid 6919] <... write resumed>) = 1116 [pid 6924] chdir("./91" [pid 6923] <... openat resumed>) = 3 [pid 6922] write(1, "executing program\n", 18) = 18 [pid 6922] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] write(3, "1000", 4 [pid 6922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6924] <... chdir resumed>) = 0 [pid 6923] <... write resumed>) = 4 [pid 6922] <... mmap resumed>) = 0x7f701fcf4000 [pid 6924] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6919] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6918] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6919] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6918] <... futex resumed>) = 0 [pid 6918] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] <... prctl resumed>) = 0 [pid 6924] setpgid(0, 0 [pid 6919] <... mmap resumed>) = 0x200000000000 [pid 6924] <... setpgid resumed>) = 0 [pid 6923] close(3 [pid 6919] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 190 [pid 6924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6923] <... close resumed>) = 0 [pid 6919] <... futex resumed>) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6919] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6918] <... futex resumed>) = 0 [pid 6923] symlink("/dev/binderfs", "./binderfs" [pid 6922] <... mprotect resumed>) = 0 [pid 6919] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6918] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6923] <... symlink resumed>) = 0 [pid 6919] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6924] <... openat resumed>) = 3 [pid 6923] write(1, "executing program\n", 18 [pid 6922] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6919] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6923] <... write resumed>) = 18 [pid 6922] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6919] <... futex resumed>) = 1 [pid 6918] <... futex resumed>) = 0 [pid 6923] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6919] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6918] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] write(3, "1000", 4 [pid 6923] <... futex resumed>) = 0 [pid 6918] <... futex resumed>) = 0 [pid 6924] <... write resumed>) = 4 [pid 6923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6922] <... clone3 resumed> => {parent_tid=[193]}, 88) = 193 [pid 6919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6918] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] close(3 [pid 6923] <... mmap resumed>) = 0x7f701fcf4000 [pid 6922] rt_sigprocmask(SIG_SETMASK, [], [pid 6919] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6924] <... close resumed>) = 0 [pid 6923] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6924] symlink("/dev/binderfs", "./binderfs" [pid 6923] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6922] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6925 attached [pid 6924] <... symlink resumed>) = 0 [pid 6925] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6924] write(1, "executing program\n", 18executing program [pid 6925] <... rseq resumed>) = 0 [pid 6924] <... write resumed>) = 18 [pid 6923] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6922] <... futex resumed>) = 0 [pid 6924] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6922] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6925] set_robust_list(0x7f701fd149a0, 24./strace-static-x86_64: Process 6926 attached ) = 0 [pid 6924] <... futex resumed>) = 0 [pid 6925] rt_sigprocmask(SIG_SETMASK, [], [pid 6924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6923] <... clone3 resumed> => {parent_tid=[189]}, 88) = 189 [pid 6924] <... mmap resumed>) = 0x7f701fcf4000 [pid 6923] rt_sigprocmask(SIG_SETMASK, [], [pid 6925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6924] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6924] <... mprotect resumed>) = 0 [pid 6923] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6923] <... futex resumed>) = 0 [pid 6926] <... rseq resumed>) = 0 [pid 6924] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6923] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6926] set_robust_list(0x7f701fd149a0, 24 [pid 6925] memfd_create("syzkaller", 0 [pid 6924] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6926] <... set_robust_list resumed>) = 0 [pid 6926] rt_sigprocmask(SIG_SETMASK, [], [pid 6925] <... memfd_create resumed>) = 3 [pid 6925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6925] <... mmap resumed>) = 0x7f7017800000 [pid 6924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6927 attached [pid 6927] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6926] memfd_create("syzkaller", 0 [pid 6924] <... clone3 resumed> => {parent_tid=[191]}, 88) = 191 [pid 6927] <... rseq resumed>) = 0 [pid 6924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6924] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6926] <... memfd_create resumed>) = 3 [pid 6926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6927] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6927] memfd_create("syzkaller", 0) = 3 [pid 6927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6926] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6921] <... mount resumed>) = 0 [pid 6921] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6921] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6921] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6921] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6921] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6920] <... futex resumed>) = 0 [pid 6920] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6921] <... futex resumed>) = 0 [pid 6920] <... futex resumed>) = 1 [pid 6921] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6920] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6921] <... openat resumed>) = 4 [pid 6921] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] <... write resumed>) = 2097152 [pid 6921] <... futex resumed>) = 1 [pid 6920] <... futex resumed>) = 0 [pid 6921] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] munmap(0x7f7017800000, 138412032 [pid 6920] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6921] <... futex resumed>) = 0 [pid 6920] <... futex resumed>) = 1 [pid 6921] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6920] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] <... write resumed>) = 2097152 [pid 6921] <... openat resumed>) = 5 [pid 6921] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6920] <... futex resumed>) = 0 [pid 6921] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6920] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] <... munmap resumed>) = 0 [pid 6920] <... futex resumed>) = 0 [pid 6926] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6921] <... write resumed>) = 1116 [pid 6920] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] <... openat resumed>) = 4 [pid 6925] munmap(0x7f7017800000, 138412032 [pid 6921] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6921] <... futex resumed>) = 0 [pid 6926] ioctl(4, LOOP_SET_FD, 3 [pid 6921] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6920] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6920] <... futex resumed>) = 0 [pid 6921] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6920] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6921] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6920] <... futex resumed>) = 0 [pid 6921] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6920] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6921] <... futex resumed>) = 0 [pid 6920] <... futex resumed>) = 1 [pid 6921] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6920] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6921] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6921] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6920] <... futex resumed>) = 0 [pid 6920] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] <... munmap resumed>) = 0 [pid 6920] <... futex resumed>) = 1 [pid 6921] <... futex resumed>) = 0 [pid 6921] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6926] <... ioctl resumed>) = 0 [pid 6925] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6926] close(3 [pid 6925] <... openat resumed>) = 4 [ 434.555355][ T6926] loop0: detected capacity change from 0 to 4096 [pid 6926] <... close resumed>) = 0 [pid 6925] ioctl(4, LOOP_SET_FD, 3 [pid 6926] close(4) = 0 [pid 6925] <... ioctl resumed>) = 0 [pid 6926] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6925] close(3 [pid 6926] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6925] <... close resumed>) = 0 [pid 6925] close(4) = 0 [pid 6925] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6925] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6927] <... write resumed>) = 2097152 [ 434.597533][ T6925] loop2: detected capacity change from 0 to 4096 [pid 6927] munmap(0x7f7017800000, 138412032) = 0 [pid 6927] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6927] ioctl(4, LOOP_SET_FD, 3) = 0 [ 434.674877][ T6927] loop4: detected capacity change from 0 to 4096 [pid 6927] close(3) = 0 [pid 6927] close(4) = 0 [pid 6927] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6927] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6918] <... futex resumed>) = ? [pid 6919] +++ killed by SIGSEGV (core dumped) +++ [pid 6918] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=190, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- [pid 5871] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6925] <... mount resumed>) = 0 [pid 6925] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6925] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6926] <... mount resumed>) = 0 [pid 6925] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6926] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6925] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6925] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6925] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] <... openat resumed>) = 3 [pid 6926] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6926] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] <... futex resumed>) = 0 [pid 6926] <... futex resumed>) = 1 [pid 6926] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6922] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] <... futex resumed>) = 0 [pid 6922] <... futex resumed>) = 1 [pid 6925] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6922] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6923] <... futex resumed>) = 0 [pid 6927] <... mount resumed>) = 0 [pid 6923] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] <... futex resumed>) = 0 [pid 6923] <... futex resumed>) = 1 [pid 6923] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6927] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6926] <... openat resumed>) = 4 [pid 6925] <... openat resumed>) = 4 [pid 6927] <... openat resumed>) = 3 [pid 6927] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6927] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6926] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6926] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6923] <... futex resumed>) = 0 [pid 6926] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6925] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6923] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] <... futex resumed>) = 1 [pid 6922] <... futex resumed>) = 0 [pid 6927] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6922] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = 1 [pid 6925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6924] <... futex resumed>) = 0 [pid 6922] <... futex resumed>) = 0 [pid 6927] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] <... openat resumed>) = 5 [pid 6925] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6924] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6927] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6924] <... futex resumed>) = 0 [pid 6925] <... openat resumed>) = 5 [pid 6924] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6926] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6926] <... futex resumed>) = 0 [pid 6923] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... openat resumed>) = 4 [pid 6925] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6922] <... futex resumed>) = 0 [pid 6922] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6925] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6925] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6922] <... futex resumed>) = 0 [pid 6922] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6927] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... futex resumed>) = 1 [pid 6924] <... futex resumed>) = 0 [pid 6927] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6926] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6925] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6924] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] <... write resumed>) = 1116 [pid 6927] <... openat resumed>) = 5 [pid 6925] <... mmap resumed>) = 0x200000000000 [pid 6925] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6922] <... futex resumed>) = 0 [pid 6922] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6922] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6927] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] <... futex resumed>) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6926] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6927] <... futex resumed>) = 1 [pid 6927] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6925] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6924] <... futex resumed>) = 0 [pid 6923] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] <... futex resumed>) = 0 [pid 6925] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6923] <... futex resumed>) = 1 [pid 6927] <... futex resumed>) = 0 [pid 6925] <... futex resumed>) = 1 [pid 6924] <... futex resumed>) = 1 [pid 6926] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6923] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6922] <... futex resumed>) = 0 [pid 6927] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6926] <... mmap resumed>) = 0x200000000000 [pid 6925] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6924] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... write resumed>) = 1116 [pid 6925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6922] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6927] <... futex resumed>) = 1 [pid 6926] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = 0 [pid 6922] <... futex resumed>) = ? [pid 6927] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] <... futex resumed>) = 1 [pid 6924] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6923] <... futex resumed>) = 0 [pid 6927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6926] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6924] <... futex resumed>) = 0 [pid 6923] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6924] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6923] <... futex resumed>) = 0 [pid 6927] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6923] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... futex resumed>) = 1 [pid 6924] <... futex resumed>) = 0 [pid 6927] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6924] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6927] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = 0 [pid 6927] <... futex resumed>) = 0 [pid 6924] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6924] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = 0 [pid 6924] <... futex resumed>) = 1 [pid 6927] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6924] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5871] <... umount2 resumed>) = 0 [pid 6926] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6926] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6926] <... futex resumed>) = 1 [pid 6923] <... futex resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6923] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6926] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6921] +++ killed by SIGSEGV (core dumped) +++ [pid 6920] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] <... openat resumed>) = 4 [pid 5871] newfstatat(4, "", [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=196, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 5870] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... close resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] rmdir("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./91/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 5870] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./91" [pid 5870] <... openat resumed>) = 3 [pid 5871] <... rmdir resumed>) = 0 [pid 5870] newfstatat(3, "", [pid 5871] mkdir("./92", 0777 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5870] getdents64(3, [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... openat resumed>) = 3 [pid 5870] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6928 attached [pid 6928] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 192 [pid 6928] chdir("./92") = 0 [pid 6928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6928] setpgid(0, 0) = 0 [pid 6928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6928] write(3, "1000", 4) = 4 [pid 6928] close(3) = 0 [pid 6928] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6928] write(1, "executing program\n", 18) = 18 [pid 5870] <... umount2 resumed>) = 0 [pid 6928] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6928] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6928] <... mmap resumed>) = 0x7f701fcf4000 [pid 5870] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6928] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./91/binderfs" [pid 6928] <... mprotect resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./91" [pid 6928] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./92", 0777) = 0 [pid 6928] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6928] <... clone3 resumed> => {parent_tid=[193]}, 88) = 193 [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 6928] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] close(3 [pid 6928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6928] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6929 attached [pid 6929] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6928] <... futex resumed>) = 0 [pid 6929] <... rseq resumed>) = 0 [pid 6928] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6929] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6929] memfd_create("syzkaller", 0) = 3 [pid 6929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5870] <... close resumed>) = 0 [pid 6924] <... futex resumed>) = ? [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6930 attached [pid 6930] set_robust_list(0x55557616a6a0, 24 [pid 6927] +++ killed by SIGSEGV (core dumped) +++ [pid 6924] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 198 [pid 6930] <... set_robust_list resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=190, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 6930] chdir("./92") = 0 [pid 6930] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6930] <... prctl resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6930] setpgid(0, 0 [pid 6929] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6930] <... setpgid resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 6930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] newfstatat(3, "", [pid 6930] <... openat resumed>) = 3 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6930] write(3, "1000", 4 [pid 6925] +++ killed by SIGSEGV (core dumped) +++ [pid 6922] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] getdents64(3, [pid 6930] <... write resumed>) = 4 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6930] close(3 [pid 5872] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=192, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 6930] <... close resumed>) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 6930] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... restart_syscall resumed>) = 0 [pid 6930] <... symlink resumed>) = 0 [pid 5869] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6930] write(1, "executing program\n", 18 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6930] <... write resumed>) = 18 [pid 5869] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6930] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... openat resumed>) = 3 [pid 6930] <... futex resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 6930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6930] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] getdents64(3, [pid 6930] <... mprotect resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6930] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6930] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6931 attached => {parent_tid=[199]}, 88) = 199 [pid 6930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6930] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6930] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6931] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6923] <... futex resumed>) = ? [pid 6931] <... rseq resumed>) = 0 [pid 6931] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6931] memfd_create("syzkaller", 0) = 3 [pid 6926] +++ killed by SIGSEGV (core dumped) +++ [pid 6923] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=188, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 6931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6929] <... write resumed>) = 2097152 [pid 6931] <... mmap resumed>) = 0x7f7017800000 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6929] munmap(0x7f7017800000, 138412032) = 0 [pid 6929] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] <... umount2 resumed>) = 0 [pid 6931] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6929] <... openat resumed>) = 4 [pid 5872] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6929] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 5869] <... umount2 resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./91/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] rmdir("./91") = 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6929] <... ioctl resumed>) = 0 [pid 5872] mkdir("./92", 0777 [pid 5868] <... umount2 resumed>) = 0 [pid 6929] close(3 [pid 5872] <... mkdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6929] <... close resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 6929] close(4 [pid 5872] close(3 [pid 5869] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6929] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6929] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6929] <... mkdir resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6929] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... openat resumed>) = 4 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] getdents64(4, [pid 5868] <... openat resumed>) = 4 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 5868] newfstatat(4, "", [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 5869] <... close resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [ 435.604353][ T6929] loop3: detected capacity change from 0 to 4096 [pid 5869] rmdir("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] getdents64(4, [pid 5869] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] close(4 [pid 5869] newfstatat(AT_FDCWD, "./92/binderfs", [pid 5868] <... close resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] rmdir("\x2e\x2f\x39\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] unlink("./92/binderfs") = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./91/binderfs") = 0 [pid 6931] <... write resumed>) = 2097152 [pid 5872] <... close resumed>) = 0 [pid 5869] getdents64(3, [pid 5868] getdents64(3, [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] rmdir("./92" [pid 5868] close(3 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5869] mkdir("./93", 0777 [pid 6931] munmap(0x7f7017800000, 138412032 [pid 5869] <... mkdir resumed>) = 0 [pid 5868] rmdir("./91" [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./92", 0777 [pid 5869] <... openat resumed>) = 3 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6931] <... munmap resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 192 ./strace-static-x86_64: Process 6932 attached [pid 5869] <... ioctl resumed>) = 0 [pid 6932] set_robust_list(0x55557616a6a0, 24 [pid 5869] close(3 [pid 6932] <... set_robust_list resumed>) = 0 [pid 6932] chdir("./92" [pid 5868] <... close resumed>) = 0 [pid 6932] <... chdir resumed>) = 0 [pid 6932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6932] setpgid(0, 0) = 0 [pid 6932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6931] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6932] <... openat resumed>) = 3 [pid 6931] <... openat resumed>) = 4 executing program [pid 6932] write(3, "1000", 4 [pid 6931] ioctl(4, LOOP_SET_FD, 3 [pid 6932] <... write resumed>) = 4 [pid 6932] close(3) = 0 [pid 6932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6932] write(1, "executing program\n", 18) = 18 [pid 6932] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6932] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 6933 attached [pid 6932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6933] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6932] <... clone3 resumed> => {parent_tid=[193]}, 88) = 193 ./strace-static-x86_64: Process 6934 attached [pid 6932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6932] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] chdir("./92" [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6934] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6933] <... chdir resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 6934] <... rseq resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6934] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6934] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6935 attached [pid 6933] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6931] <... ioctl resumed>) = 0 [pid 6934] <... memfd_create resumed>) = 3 [pid 6933] <... prctl resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 190 [pid 6934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6933] setpgid(0, 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 194 [pid 6934] <... mmap resumed>) = 0x7f7017800000 [pid 6933] <... setpgid resumed>) = 0 [pid 6931] close(3 [pid 6935] set_robust_list(0x55557616a6a0, 24 [pid 6933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6935] <... set_robust_list resumed>) = 0 [pid 6935] chdir("./93") = 0 [pid 6933] <... openat resumed>) = 3 [pid 6931] <... close resumed>) = 0 [pid 6935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6931] close(4 [pid 6935] setpgid(0, 0 [pid 6933] write(3, "1000", 4 [pid 6931] <... close resumed>) = 0 [pid 6935] <... setpgid resumed>) = 0 [pid 6933] <... write resumed>) = 4 [pid 6931] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [ 435.778353][ T6931] loop1: detected capacity change from 0 to 4096 [pid 6935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6933] close(3 [pid 6931] <... mkdir resumed>) = 0 [pid 6935] write(3, "1000", 4 [pid 6933] <... close resumed>) = 0 [pid 6931] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6929] <... mount resumed>) = 0 [pid 6935] <... write resumed>) = 4 [pid 6933] symlink("/dev/binderfs", "./binderfs"executing program [pid 6935] close(3 [pid 6933] <... symlink resumed>) = 0 [pid 6929] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6933] write(1, "executing program\n", 18 [pid 6935] <... close resumed>) = 0 [pid 6929] <... openat resumed>) = 3 [pid 6933] <... write resumed>) = 18 [pid 6929] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6935] symlink("/dev/binderfs", "./binderfs" [pid 6933] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] <... chdir resumed>) = 0 [pid 6933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6935] <... symlink resumed>) = 0 [pid 6933] <... mmap resumed>) = 0x7f701fcf4000 [pid 6929] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6933] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6929] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 6935] write(1, "executing program\n", 18 [pid 6933] <... mprotect resumed>) = 0 [pid 6929] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... write resumed>) = 18 [pid 6929] <... futex resumed>) = 1 [pid 6935] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] <... futex resumed>) = 0 [pid 6933] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6935] <... futex resumed>) = 0 [pid 6929] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6928] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6933] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6928] <... futex resumed>) = 0 [pid 6928] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6935] <... mmap resumed>) = 0x7f701fcf4000 [pid 6933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6935] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6936 attached ) = 0 [pid 6933] <... clone3 resumed> => {parent_tid=[191]}, 88) = 191 [pid 6935] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6933] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6936] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6936] set_robust_list(0x7f701fd149a0, 24) = 0 ./strace-static-x86_64: Process 6937 attached [pid 6936] rt_sigprocmask(SIG_SETMASK, [], [pid 6935] <... clone3 resumed> => {parent_tid=[195]}, 88) = 195 [pid 6937] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6929] <... openat resumed>) = 4 [pid 6937] <... rseq resumed>) = 0 [pid 6936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6935] rt_sigprocmask(SIG_SETMASK, [], [pid 6929] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6937] rt_sigprocmask(SIG_SETMASK, [], [pid 6928] <... futex resumed>) = 0 [pid 6928] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6928] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6935] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6936] memfd_create("syzkaller", 0 [pid 6937] memfd_create("syzkaller", 0 [pid 6936] <... memfd_create resumed>) = 3 [pid 6929] <... futex resumed>) = 1 [pid 6937] <... memfd_create resumed>) = 3 [pid 6929] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6934] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6936] <... mmap resumed>) = 0x7f7017800000 [pid 6937] <... mmap resumed>) = 0x7f7017800000 [pid 6929] <... openat resumed>) = 5 [pid 6929] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6928] <... futex resumed>) = 0 [pid 6928] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6928] <... futex resumed>) = 0 [pid 6929] <... write resumed>) = 1116 [pid 6928] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6929] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6928] <... futex resumed>) = 0 [pid 6928] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6928] <... futex resumed>) = 0 [pid 6929] <... mmap resumed>) = 0x200000000000 [pid 6928] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6929] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6928] <... futex resumed>) = 0 [pid 6929] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6928] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6928] <... futex resumed>) = 0 [pid 6929] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6928] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6929] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6929] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6928] <... futex resumed>) = 0 [pid 6929] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6928] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6931] <... mount resumed>) = 0 [pid 6931] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6934] <... write resumed>) = 2097152 [pid 6931] <... openat resumed>) = 3 [pid 6934] munmap(0x7f7017800000, 138412032 [pid 6931] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6931] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6934] <... munmap resumed>) = 0 [pid 6931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6936] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6931] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6934] ioctl(4, LOOP_SET_FD, 3 [pid 6931] <... futex resumed>) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6931] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] <... futex resumed>) = 0 [pid 6930] <... futex resumed>) = 1 [pid 6931] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6930] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... write resumed>) = 2097152 [pid 6934] <... ioctl resumed>) = 0 [pid 6931] <... openat resumed>) = 4 [pid 6937] munmap(0x7f7017800000, 138412032 [pid 6931] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... munmap resumed>) = 0 [pid 6934] close(3 [pid 6931] <... futex resumed>) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6931] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6930] <... futex resumed>) = 0 [pid 6931] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6930] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... close resumed>) = 0 [pid 6934] close(4) = 0 [ 436.045891][ T6934] loop4: detected capacity change from 0 to 4096 [pid 6934] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6934] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6931] <... openat resumed>) = 5 [pid 6931] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6931] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6930] <... futex resumed>) = 0 [pid 6931] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6930] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6931] <... write resumed>) = 1116 [pid 6937] <... openat resumed>) = 4 [pid 6931] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... write resumed>) = 2097152 [pid 6937] ioctl(4, LOOP_SET_FD, 3 [pid 6936] munmap(0x7f7017800000, 138412032 [pid 6931] <... futex resumed>) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6930] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... ioctl resumed>) = 0 [pid 6930] <... futex resumed>) = 0 [pid 6937] close(3) = 0 [pid 6937] close(4) = 0 [pid 6930] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6931] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6937] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6931] <... mmap resumed>) = 0x200000000000 [pid 6931] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... munmap resumed>) = 0 [pid 6931] <... futex resumed>) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6931] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6930] <... futex resumed>) = 0 [pid 6931] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6930] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6931] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6931] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] <... futex resumed>) = 0 [pid 6931] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6930] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6930] <... futex resumed>) = 0 [pid 6931] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6936] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6930] ???( [pid 6936] <... openat resumed>) = 4 [ 436.130406][ T6937] loop2: detected capacity change from 0 to 4096 [pid 6936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6936] close(3) = 0 [pid 6936] close(4) = 0 [pid 6936] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 436.197754][ T6936] loop0: detected capacity change from 0 to 4096 [pid 6936] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6934] <... mount resumed>) = 0 [pid 6934] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6934] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6934] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6934] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6934] <... futex resumed>) = 0 [pid 6934] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6932] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... openat resumed>) = 4 [pid 6934] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6932] <... futex resumed>) = 0 [pid 6934] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6932] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... openat resumed>) = 5 [pid 6934] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6932] <... futex resumed>) = 0 [pid 6934] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6932] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... write resumed>) = 1116 [pid 6932] <... futex resumed>) = 0 [pid 6934] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... futex resumed>) = 0 [pid 6932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6934] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6932] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... mmap resumed>) = 0x200000000000 [pid 6932] <... futex resumed>) = 0 [pid 6934] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] <... futex resumed>) = 0 [pid 6932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6937] <... mount resumed>) = 0 [pid 6934] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6932] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6932] <... futex resumed>) = 0 [pid 6937] <... openat resumed>) = 3 [pid 6934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6932] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6934] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6937] <... chdir resumed>) = 0 [pid 6934] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6937] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6936] <... mount resumed>) = 0 [pid 6934] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6936] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6934] <... futex resumed>) = 1 [pid 6932] <... futex resumed>) = 0 [pid 6937] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] <... futex resumed>) = ? [pid 6932] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... futex resumed>) = 1 [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6934] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6936] <... openat resumed>) = 3 [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... futex resumed>) = 0 [pid 6936] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6935] <... futex resumed>) = 1 [pid 6937] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6935] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... chdir resumed>) = 0 [pid 6929] +++ killed by SIGSEGV (core dumped) +++ [pid 6928] +++ killed by SIGSEGV (core dumped) +++ [pid 6936] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=192, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 6937] <... openat resumed>) = 4 [pid 6936] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] <... restart_syscall resumed>) = 0 [pid 6936] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6936] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6933] <... futex resumed>) = 1 [pid 6936] <... futex resumed>) = 0 [pid 6936] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6933] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", [pid 6937] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6937] <... futex resumed>) = 1 [pid 6935] <... futex resumed>) = 0 [pid 5871] getdents64(3, [pid 6937] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6937] <... futex resumed>) = 0 [pid 6935] <... futex resumed>) = 1 [pid 5871] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6935] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... openat resumed>) = 5 [pid 6936] <... openat resumed>) = 4 [pid 6937] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... futex resumed>) = 1 [pid 6936] <... futex resumed>) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6936] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] <... futex resumed>) = 0 [pid 6933] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6935] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] <... futex resumed>) = 0 [pid 6937] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6933] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... write resumed>) = 1116 [pid 6937] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6937] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6935] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... mmap resumed>) = 0x200000000000 [pid 6937] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6937] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] <... futex resumed>) = 0 [pid 6936] <... openat resumed>) = 5 [pid 6935] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = 1 [pid 6935] <... futex resumed>) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6935] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6937] <... futex resumed>) = 0 [pid 6936] <... write resumed>) = 1116 [pid 6933] <... futex resumed>) = 0 [pid 6936] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6936] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6936] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6933] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6933] <... futex resumed>) = 0 [pid 6936] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6933] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6936] <... mmap resumed>) = 0x200000000000 [pid 6937] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6937] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6936] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... futex resumed>) = 0 [pid 6936] <... futex resumed>) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6935] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6933] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6935] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6937] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6936] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6936] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] <... futex resumed>) = 0 [pid 6936] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6933] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 6930] <... ??? resumed>) = ? [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./92/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./92") = 0 [pid 5871] mkdir("./93", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6931] +++ killed by SIGSEGV (core dumped) +++ [pid 6930] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=198, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5870] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6938 attached [pid 6938] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 194 [pid 6938] <... set_robust_list resumed>) = 0 [pid 6938] chdir("./93") = 0 [pid 6938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6938] setpgid(0, 0) = 0 [pid 6938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6938] write(3, "1000", 4) = 4 [pid 6938] close(3) = 0 [pid 6938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6938] write(1, "executing program\n", 18) = 18 [pid 6938] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6938] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6939 attached => {parent_tid=[195]}, 88) = 195 [pid 6939] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6938] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6939] <... rseq resumed>) = 0 [pid 6939] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6939] memfd_create("syzkaller", 0) = 3 [pid 6939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6932] <... futex resumed>) = ? [pid 6934] +++ killed by SIGSEGV (core dumped) +++ [pid 6932] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=192, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6933] <... futex resumed>) = ? [pid 5872] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6936] +++ killed by SIGSEGV (core dumped) +++ [pid 6933] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=190, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6939] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6935] <... futex resumed>) = ? [pid 6937] +++ killed by SIGSEGV (core dumped) +++ [pid 6935] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=194, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6939] <... write resumed>) = 2097152 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6939] munmap(0x7f7017800000, 138412032 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./92/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5870] rmdir("./92") = 0 [pid 5870] mkdir("./93", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6939] <... munmap resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6939] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6939] <... openat resumed>) = 4 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... openat resumed>) = 3 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6939] ioctl(4, LOOP_SET_FD, 3 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... ioctl resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./92/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./92") = 0 [pid 5868] mkdir("./93", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] umount2("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... openat resumed>) = 3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] close(3 [pid 6939] <... ioctl resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5869] <... umount2 resumed>) = 0 [pid 6939] close(3) = 0 [pid 6939] close(4) = 0 [pid 6939] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] newfstatat(4, "", [pid 6939] <... mkdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... close resumed>) = 0 [pid 5872] getdents64(4, [pid 6939] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 5869] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x39\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", ./strace-static-x86_64: Process 6940 attached [ 437.024962][ T6939] loop3: detected capacity change from 0 to 4096 [pid 5872] <... rmdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... close resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 200 [pid 6940] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6940] chdir("./93") = 0 [pid 6940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./92/binderfs", [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6940] setpgid(0, 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] unlink("./92/binderfs" [pid 5869] close(4 [pid 6940] <... setpgid resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 6940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] rmdir("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6940] <... openat resumed>) = 3 [pid 5872] getdents64(3, [pid 5869] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6941 attached [pid 6940] write(3, "1000", 4 [pid 5869] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6940] <... write resumed>) = 4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6940] close(3 [pid 5869] newfstatat(AT_FDCWD, "./93/binderfs", [pid 6941] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6941] <... set_robust_list resumed>) = 0 [pid 6940] <... close resumed>) = 0 executing program [pid 5872] close(3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6941] chdir("./93" [pid 6940] symlink("/dev/binderfs", "./binderfs" [pid 5872] <... close resumed>) = 0 [pid 5869] unlink("./93/binderfs" [pid 6941] <... chdir resumed>) = 0 [pid 6940] <... symlink resumed>) = 0 [pid 5872] rmdir("./92" [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 192 [pid 6941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6940] write(1, "executing program\n", 18 [pid 5872] <... rmdir resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6941] <... prctl resumed>) = 0 [pid 6940] <... write resumed>) = 18 [pid 6941] setpgid(0, 0 [pid 5872] mkdir("./93", 0777 [pid 6941] <... setpgid resumed>) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6940] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(3 [pid 6940] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 6940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6940] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6940] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6942 attached [pid 6941] <... openat resumed>) = 3 [pid 5872] <... mkdir resumed>) = 0 [pid 5869] rmdir("./93" [pid 6942] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... rmdir resumed>) = 0 [pid 6941] write(3, "1000", 4 [pid 5869] mkdir("./94", 0777 [pid 6942] set_robust_list(0x7f701fd149a0, 24 [pid 6940] <... clone3 resumed> => {parent_tid=[201]}, 88) = 201 [pid 5872] <... openat resumed>) = 3 [pid 6942] <... set_robust_list resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 6942] rt_sigprocmask(SIG_SETMASK, [], [pid 6941] <... write resumed>) = 4 [pid 6940] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6941] close(3 [pid 6940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 6942] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] <... close resumed>) = 0 [pid 6940] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... mount resumed>) = 0 [pid 5872] close(3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6941] symlink("/dev/binderfs", "./binderfs" [pid 6940] <... futex resumed>) = 0 [pid 6941] <... symlink resumed>) = 0 [pid 6940] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... ioctl resumed>) = 0 executing program [pid 5869] close(3 [pid 6941] write(1, "executing program\n", 18 [pid 6939] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6942] memfd_create("syzkaller", 0 [pid 6941] <... write resumed>) = 18 [pid 6939] <... openat resumed>) = 3 [pid 6941] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6941] <... futex resumed>) = 0 [pid 6939] <... chdir resumed>) = 0 [pid 6941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6939] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6941] <... mmap resumed>) = 0x7f701fcf4000 [pid 6939] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6941] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6939] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] <... mprotect resumed>) = 0 [pid 6939] <... futex resumed>) = 1 [pid 6938] <... futex resumed>) = 0 [pid 6942] <... memfd_create resumed>) = 3 [pid 6941] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6938] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6941] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6939] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[193]}, 88) = 193 ./strace-static-x86_64: Process 6943 attached [pid 6942] <... mmap resumed>) = 0x7f7017800000 [pid 6941] rt_sigprocmask(SIG_SETMASK, [], [pid 6938] <... futex resumed>) = 0 [pid 6938] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6943] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6941] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... rseq resumed>) = 0 [pid 6941] <... futex resumed>) = 0 [pid 6941] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6943] set_robust_list(0x7f701fd149a0, 24 [pid 6939] <... openat resumed>) = 4 [pid 6943] <... set_robust_list resumed>) = 0 [pid 6943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6939] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6939] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6943] memfd_create("syzkaller", 0 [pid 6938] <... futex resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 6938] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... futex resumed>) = 0 [pid 6938] <... futex resumed>) = 1 [pid 6939] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6938] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... close resumed>) = 0 [pid 6943] <... memfd_create resumed>) = 3 [pid 6939] <... openat resumed>) = 5 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6939] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6938] <... futex resumed>) = 0 [pid 6938] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... mmap resumed>) = 0x7f7017800000 [pid 6939] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6938] <... futex resumed>) = 0 [pid 6938] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6939] <... write resumed>) = 1116 ./strace-static-x86_64: Process 6944 attached [pid 6939] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6945 attached [pid 6944] set_robust_list(0x55557616a6a0, 24 [pid 6939] <... futex resumed>) = 1 [pid 6938] <... futex resumed>) = 0 [pid 6944] <... set_robust_list resumed>) = 0 [pid 6942] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6939] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6938] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] set_robust_list(0x55557616a6a0, 24 [pid 6944] chdir("./93" [pid 6939] <... mmap resumed>) = 0x200000000000 [pid 6938] <... futex resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 194 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 196 [pid 6945] <... set_robust_list resumed>) = 0 [pid 6939] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6945] chdir("./94" [pid 6944] <... chdir resumed>) = 0 [pid 6939] <... futex resumed>) = 0 [pid 6938] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] <... chdir resumed>) = 0 [pid 6939] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6938] <... futex resumed>) = 0 [pid 6945] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6939] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6938] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6945] <... prctl resumed>) = 0 [pid 6939] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] setpgid(0, 0 [pid 6944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6939] <... futex resumed>) = 1 [pid 6938] <... futex resumed>) = 0 [pid 6945] <... setpgid resumed>) = 0 [pid 6944] <... prctl resumed>) = 0 [pid 6939] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6938] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6944] setpgid(0, 0 [pid 6945] write(3, "1000", 4) = 4 [pid 6944] <... setpgid resumed>) = 0 [pid 6944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6944] write(3, "1000", 4 [pid 6945] close(3) = 0 [pid 6944] <... write resumed>) = 4 [pid 6945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6944] close(3 [pid 6945] write(1, "executing program\n", 18executing program ) = 18 [pid 6944] <... close resumed>) = 0 executing program [pid 6945] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] symlink("/dev/binderfs", "./binderfs" [pid 6943] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6945] <... futex resumed>) = 0 [pid 6944] <... symlink resumed>) = 0 [pid 6944] write(1, "executing program\n", 18) = 18 [pid 6945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6944] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6945] <... mmap resumed>) = 0x7f701fcf4000 [pid 6944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6945] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6944] <... mmap resumed>) = 0x7f701fcf4000 [pid 6945] <... mprotect resumed>) = 0 [pid 6944] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6945] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6946 attached => {parent_tid=[195]}, 88) = 195 [pid 6944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6944] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6946] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6946] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6946] memfd_create("syzkaller", 0 [pid 6945] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6947 attached [pid 6946] <... memfd_create resumed>) = 3 [pid 6947] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6945] <... clone3 resumed> => {parent_tid=[197]}, 88) = 197 [pid 6947] <... rseq resumed>) = 0 [pid 6945] rt_sigprocmask(SIG_SETMASK, [], [pid 6947] set_robust_list(0x7f701fd149a0, 24 [pid 6945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6947] <... set_robust_list resumed>) = 0 [pid 6945] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] rt_sigprocmask(SIG_SETMASK, [], [pid 6945] <... futex resumed>) = 0 [pid 6947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6945] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6946] <... mmap resumed>) = 0x7f7017800000 [pid 6947] memfd_create("syzkaller", 0 [pid 6942] <... write resumed>) = 2097152 [pid 6942] munmap(0x7f7017800000, 138412032 [pid 6947] <... memfd_create resumed>) = 3 [pid 6942] <... munmap resumed>) = 0 [pid 6947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6942] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6946] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6943] <... write resumed>) = 2097152 [pid 6942] close(3) = 0 [pid 6942] close(4) = 0 [pid 6942] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6943] munmap(0x7f7017800000, 138412032 [ 437.392179][ T6942] loop1: detected capacity change from 0 to 4096 [pid 6942] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6943] <... munmap resumed>) = 0 [pid 6947] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6943] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6946] <... write resumed>) = 2097152 [pid 6943] <... openat resumed>) = 4 [pid 6943] ioctl(4, LOOP_SET_FD, 3 [pid 6946] munmap(0x7f7017800000, 138412032 [pid 6943] <... ioctl resumed>) = 0 [pid 6943] close(3) = 0 [pid 6943] close(4 [pid 6946] <... munmap resumed>) = 0 [pid 6943] <... close resumed>) = 0 [pid 6943] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6943] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6946] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 437.487599][ T6943] loop0: detected capacity change from 0 to 4096 [pid 6946] ioctl(4, LOOP_SET_FD, 3 [pid 6947] <... write resumed>) = 2097152 [pid 6947] munmap(0x7f7017800000, 138412032 [pid 6946] <... ioctl resumed>) = 0 [pid 6946] close(3) = 0 [pid 6946] close(4) = 0 [pid 6946] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 437.539378][ T6946] loop4: detected capacity change from 0 to 4096 [pid 6946] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6947] <... munmap resumed>) = 0 [pid 6947] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6947] close(3) = 0 [pid 6947] close(4) = 0 [pid 6947] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6938] <... futex resumed>) = ? [pid 6947] <... mkdir resumed>) = 0 [pid 6947] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6942] <... mount resumed>) = 0 [pid 6942] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6942] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6942] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6942] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6940] <... futex resumed>) = 0 [pid 6942] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [ 437.623472][ T6947] loop2: detected capacity change from 0 to 4096 [pid 6940] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6940] <... futex resumed>) = 0 [pid 6942] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6940] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6939] +++ killed by SIGSEGV (core dumped) +++ [pid 6938] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=194, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5871] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6942] <... openat resumed>) = 4 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6942] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6942] <... futex resumed>) = 1 [pid 6940] <... futex resumed>) = 0 [pid 6942] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6940] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 3 [pid 6940] <... futex resumed>) = 0 [pid 5871] newfstatat(3, "", [pid 6940] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6942] <... openat resumed>) = 5 [pid 6943] <... mount resumed>) = 0 [pid 6943] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6942] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... openat resumed>) = 3 [pid 6942] <... futex resumed>) = 1 [pid 6940] <... futex resumed>) = 0 [pid 6940] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6942] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6940] <... futex resumed>) = 0 [pid 6943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6942] <... write resumed>) = 1116 [pid 6940] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6943] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6942] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... futex resumed>) = 1 [pid 6942] <... futex resumed>) = 1 [pid 6940] <... futex resumed>) = 0 [pid 6943] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] <... futex resumed>) = 0 [pid 6940] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] <... futex resumed>) = 0 [pid 6941] <... futex resumed>) = 1 [pid 6943] <... futex resumed>) = 0 [pid 6941] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6940] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6942] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6943] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6942] <... mmap resumed>) = 0x200000000000 [pid 6942] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6940] <... futex resumed>) = 0 [pid 6942] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6940] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6940] <... futex resumed>) = 0 [pid 6940] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6942] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6942] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6940] <... futex resumed>) = 0 [pid 6946] <... mount resumed>) = 0 [pid 6946] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6946] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6940] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6943] <... openat resumed>) = 4 [pid 6942] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6941] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6940] <... futex resumed>) = 0 [pid 6946] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6943] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6946] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6946] <... futex resumed>) = 1 [pid 6941] <... mmap resumed>) = 0x7f701fcd3000 [pid 6946] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6944] <... futex resumed>) = 0 [pid 6943] <... futex resumed>) = 0 [pid 6941] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE [pid 6946] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6944] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] <... mprotect resumed>) = 0 [pid 6944] <... futex resumed>) = 0 [pid 6941] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6946] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6944] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6941] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0}./strace-static-x86_64: Process 6948 attached => {parent_tid=[194]}, 88) = 194 [pid 6948] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 6941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6941] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6948] <... rseq resumed>) = 0 [pid 6941] <... futex resumed>) = 0 [pid 6948] set_robust_list(0x7f701fcf39a0, 24 [pid 6941] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] <... set_robust_list resumed>) = 0 [pid 6948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6948] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6946] <... openat resumed>) = 4 [pid 6946] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6944] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] <... futex resumed>) = 1 [pid 6944] <... futex resumed>) = 0 [pid 6948] <... futex resumed>) = 1 [pid 6946] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6944] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6941] <... futex resumed>) = 0 [pid 6948] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... mount resumed>) = 0 [pid 6946] <... openat resumed>) = 5 [pid 6943] <... futex resumed>) = 0 [pid 6941] <... futex resumed>) = 1 [pid 6946] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6946] <... futex resumed>) = 1 [pid 6944] <... futex resumed>) = 0 [pid 6944] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6946] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6943] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6946] <... write resumed>) = 1116 [pid 6946] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6944] <... futex resumed>) = 0 [pid 6944] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] <... write resumed>) = 1116 [pid 6947] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6944] <... futex resumed>) = 0 [pid 6944] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6947] <... openat resumed>) = 3 [pid 6946] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6943] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6946] <... mmap resumed>) = 0x200000000000 [pid 6943] <... futex resumed>) = 1 [pid 6941] <... futex resumed>) = 0 [pid 6941] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] <... chdir resumed>) = 0 [pid 6946] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6943] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6941] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6946] <... futex resumed>) = 1 [pid 6944] <... futex resumed>) = 0 [pid 6943] <... mmap resumed>) = 0x200000000000 [pid 6946] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6944] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6944] <... futex resumed>) = 0 [pid 6946] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6946] <... futex resumed>) = 0 [pid 6944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6946] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6944] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6943] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6943] <... futex resumed>) = 1 [pid 6941] <... futex resumed>) = 0 [pid 6943] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6947] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6945] <... futex resumed>) = 0 [pid 6943] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6945] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6945] <... futex resumed>) = 0 [pid 6943] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5871] <... umount2 resumed>) = 0 [pid 6945] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6943] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 6943] <... futex resumed>) = 1 [pid 6941] <... futex resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6941] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] getdents64(4, [pid 6941] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6943] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5871] close(4) = 0 [pid 6947] <... openat resumed>) = 4 [pid 5871] rmdir("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 6947] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6947] <... futex resumed>) = 1 [pid 6945] <... futex resumed>) = 0 [pid 6947] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6945] <... futex resumed>) = 0 [pid 6947] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6945] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6947] <... openat resumed>) = 5 [pid 5871] unlink("./93/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./93") = 0 [pid 5871] mkdir("./94", 0777) = 0 [pid 6947] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6947] <... futex resumed>) = 1 [pid 6945] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6947] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6945] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6947] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116./strace-static-x86_64: Process 6949 attached [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 196 [pid 6947] <... write resumed>) = 1116 [pid 6947] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] set_robust_list(0x55557616a6a0, 24 [pid 6947] <... futex resumed>) = 1 [pid 6945] <... futex resumed>) = 0 [pid 6949] <... set_robust_list resumed>) = 0 [pid 6945] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6949] chdir("./94" [pid 6947] <... mmap resumed>) = 0x200000000000 [pid 6947] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] <... futex resumed>) = 0 [pid 6945] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6947] <... futex resumed>) = 0 [pid 6949] <... chdir resumed>) = 0 [pid 6949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6949] setpgid(0, 0 [pid 6947] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6945] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6945] <... futex resumed>) = 0 [pid 6949] <... setpgid resumed>) = 0 [pid 6947] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6945] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 6949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6947] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6949] <... openat resumed>) = 3 [pid 6949] write(3, "1000", 4) = 4 [pid 6949] close(3) = 0 [pid 6949] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6949] write(1, "executing program\n", 18) = 18 [pid 6949] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6949] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6949] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6947] <... futex resumed>) = 1 [pid 6945] <... futex resumed>) = 0 [pid 6947] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6945] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6949] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[197]}, 88) = 197 [pid 6949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6949] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6950 attached [pid 6950] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6950] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6950] memfd_create("syzkaller", 0) = 3 [pid 6950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6950] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6950] munmap(0x7f7017800000, 138412032 [pid 6942] +++ killed by SIGSEGV (core dumped) +++ [pid 6940] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=200, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 6950] <... munmap resumed>) = 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6950] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5870] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6950] close(3) = 0 [pid 6950] close(4) = 0 [pid 6950] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6950] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6945] <... futex resumed>) = ? [pid 6944] <... futex resumed>) = ? [ 438.281705][ T6950] loop3: detected capacity change from 0 to 4096 [pid 6947] +++ killed by SIGSEGV (core dumped) +++ [pid 6946] +++ killed by SIGSEGV (core dumped) +++ [pid 6945] +++ killed by SIGSEGV (core dumped) +++ [pid 6944] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=194, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=196, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5872] <... restart_syscall resumed>) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... openat resumed>) = 3 [pid 5869] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] newfstatat(3, "", [pid 5869] <... openat resumed>) = 3 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] newfstatat(3, "", [pid 5872] getdents64(3, [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] getdents64(3, [pid 5872] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6948] <... futex resumed>) = ? [pid 6948] +++ killed by SIGSEGV (core dumped) +++ [pid 6941] <... futex resumed>) = ? [pid 6943] +++ killed by SIGSEGV (core dumped) +++ [pid 6941] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=192, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] <... mount resumed>) = 0 [pid 6950] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6950] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6950] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6950] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6949] <... futex resumed>) = 0 [pid 6950] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6949] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6949] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] <... openat resumed>) = 4 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6950] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6949] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 4 [pid 6949] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(4, "", [pid 6949] <... futex resumed>) = 0 [pid 6950] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6949] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 6950] <... openat resumed>) = 5 [pid 5870] getdents64(4, [pid 6950] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6949] <... futex resumed>) = 0 [pid 5870] close(4 [pid 6949] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 6949] <... futex resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6949] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6950] <... futex resumed>) = 1 [pid 5870] <... rmdir resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5870] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5869] <... umount2 resumed>) = 0 [pid 6950] <... write resumed>) = 1116 [pid 6950] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6949] <... futex resumed>) = 0 [pid 6950] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6949] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6949] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6950] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6949] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6950] <... mmap resumed>) = 0x200000000000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6950] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6950] <... futex resumed>) = 1 [pid 6949] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6949] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6949] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... openat resumed>) = 4 [pid 6949] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(4, "", [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6950] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 5872] <... openat resumed>) = 4 [pid 6950] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] getdents64(4, [pid 5872] newfstatat(4, "", [pid 6950] <... futex resumed>) = 1 [pid 6949] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6949] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(4, [pid 5869] getdents64(4, [pid 6949] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6949] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] getdents64(4, [pid 5869] close(4 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 5869] <... close resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] rmdir("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] <... rmdir resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5872] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] unlink("./93/binderfs" [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6950] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] unlink("./94/binderfs" [pid 5872] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5870] <... unlink resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] getdents64(3, [pid 5869] getdents64(3, [pid 5872] unlink("./93/binderfs" [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 5869] rmdir("./94" [pid 5870] close(3 [pid 5872] getdents64(3, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] <... close resumed>) = 0 [pid 5872] close(3 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] rmdir("./93" [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./93" [pid 5869] <... rmdir resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] mkdir("./95", 0777 [pid 5872] <... rmdir resumed>) = 0 [pid 5870] mkdir("./94", 0777 [pid 5869] <... mkdir resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] mkdir("./94", 0777 [pid 5870] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] <... openat resumed>) = 3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... mkdir resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5869] <... ioctl resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] close(3 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] <... ioctl resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 5872] <... openat resumed>) = 3 [pid 5870] close(3 [pid 5868] newfstatat(4, "", [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5870] <... close resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... close resumed>) = 0 [pid 5868] getdents64(4, [pid 5872] close(3 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4./strace-static-x86_64: Process 6951 attached [pid 6951] set_robust_list(0x55557616a6a0, 24) = 0 ./strace-static-x86_64: Process 6952 attached [pid 6951] chdir("./94" [pid 5868] <... close resumed>) = 0 [pid 6951] <... chdir resumed>) = 0 [pid 6951] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] rmdir("\x2e\x2f\x39\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6951] <... prctl resumed>) = 0 [pid 6951] setpgid(0, 0) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 6951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6951] <... openat resumed>) = 3 [pid 6952] set_robust_list(0x55557616a6a0, 24 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 202 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./93/binderfs", [pid 6952] <... set_robust_list resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 198 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6952] chdir("./95" [pid 6951] write(3, "1000", 4 [pid 5868] unlink("./93/binderfs" [pid 6952] <... chdir resumed>) = 0 [pid 6951] <... write resumed>) = 4 [pid 6951] close(3) = 0 [pid 6951] symlink("/dev/binderfs", "./binderfs" [pid 6952] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... unlink resumed>) = 0 executing program [pid 6952] <... prctl resumed>) = 0 [pid 6951] <... symlink resumed>) = 0 [pid 5868] getdents64(3, [pid 6951] write(1, "executing program\n", 18) = 18 [pid 6951] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6951] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6952] setpgid(0, 0 [pid 6951] <... mprotect resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6952] <... setpgid resumed>) = 0 [pid 6951] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] close(3 [pid 6951] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6951] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] <... close resumed>) = 0 [pid 6951] <... clone3 resumed> => {parent_tid=[203]}, 88) = 203 [pid 5868] rmdir("./93"./strace-static-x86_64: Process 6953 attached [pid 6951] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... rmdir resumed>) = 0 [pid 6951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] mkdir("./94", 0777 [pid 6951] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6953] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... mkdir resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6953] <... rseq resumed>) = 0 [pid 6953] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6952] <... openat resumed>) = 3 [pid 6953] rt_sigprocmask(SIG_SETMASK, [], [pid 6952] write(3, "1000", 4 [pid 5868] <... openat resumed>) = 3 [pid 6953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6952] <... write resumed>) = 4 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 6952] close(3 [pid 5868] <... ioctl resumed>) = 0 [pid 6952] <... close resumed>) = 0 [pid 6952] symlink("/dev/binderfs", "./binderfs" [pid 5868] close(3executing program [pid 6953] memfd_create("syzkaller", 0 [pid 6952] <... symlink resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... close resumed>) = 0 [pid 6952] write(1, "executing program\n", 18 [pid 6953] <... memfd_create resumed>) = 3 [pid 6953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 ./strace-static-x86_64: Process 6954 attached [pid 6952] <... write resumed>) = 18 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6952] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6955 attached [pid 6954] set_robust_list(0x55557616a6a0, 24 [pid 6952] <... futex resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 196 [pid 6955] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 195 [pid 6954] <... set_robust_list resumed>) = 0 [pid 6952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6955] <... set_robust_list resumed>) = 0 [pid 6954] chdir("./94" [pid 6952] <... mmap resumed>) = 0x7f701fcf4000 [pid 6952] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6954] <... chdir resumed>) = 0 [pid 6954] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6952] <... mprotect resumed>) = 0 [pid 6954] <... prctl resumed>) = 0 [pid 6954] setpgid(0, 0 [pid 6955] chdir("./94" [pid 6954] <... setpgid resumed>) = 0 [pid 6954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6952] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6954] <... openat resumed>) = 3 [pid 6952] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6954] write(3, "1000", 4 [pid 6952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6955] <... chdir resumed>) = 0 [pid 6955] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6954] <... write resumed>) = 4 [pid 6954] close(3) = 0 [pid 6954] symlink("/dev/binderfs", "./binderfs"executing program [pid 6955] <... prctl resumed>) = 0 [pid 6954] <... symlink resumed>) = 0 [pid 6954] write(1, "executing program\n", 18) = 18 [pid 6955] setpgid(0, 0./strace-static-x86_64: Process 6956 attached ) = 0 [pid 6952] <... clone3 resumed> => {parent_tid=[199]}, 88) = 199 [pid 6956] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6954] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] <... rseq resumed>) = 0 [pid 6955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6952] rt_sigprocmask(SIG_SETMASK, [], [pid 6956] set_robust_list(0x7f701fd149a0, 24 [pid 6955] <... openat resumed>) = 3 [pid 6954] <... mmap resumed>) = 0x7f701fcf4000 [pid 6956] <... set_robust_list resumed>) = 0 [pid 6955] write(3, "1000", 4 [pid 6954] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6955] <... write resumed>) = 4 [pid 6954] <... mprotect resumed>) = 0 [pid 6952] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6955] close(3 [pid 6954] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6952] <... futex resumed>) = 0 [pid 6954] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6952] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6955] <... close resumed>) = 0 ./strace-static-x86_64: Process 6957 attached [pid 6956] memfd_create("syzkaller", 0 [pid 6955] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6957] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6955] write(1, "executing program\n", 18 [pid 6954] <... clone3 resumed> => {parent_tid=[197]}, 88) = 197 [pid 6957] <... rseq resumed>) = 0 [pid 6957] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], [pid 6957] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6954] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 1 [pid 6957] memfd_create("syzkaller", 0 [pid 6955] <... write resumed>) = 18 [pid 6954] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6956] <... memfd_create resumed>) = 3 [pid 6955] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] <... memfd_create resumed>) = 3 [pid 6955] <... futex resumed>) = 0 [pid 6956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6956] <... mmap resumed>) = 0x7f7017800000 [pid 6955] <... mmap resumed>) = 0x7f701fcf4000 [pid 6957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6953] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6957] <... mmap resumed>) = 0x7f7017800000 [pid 6955] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6958 attached => {parent_tid=[196]}, 88) = 196 [pid 6955] rt_sigprocmask(SIG_SETMASK, [], [pid 6958] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6955] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6955] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6958] <... rseq resumed>) = 0 [pid 6958] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6958] memfd_create("syzkaller", 0) = 3 [pid 6958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6956] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6953] <... write resumed>) = 2097152 [pid 6957] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6953] munmap(0x7f7017800000, 138412032) = 0 [pid 6949] <... futex resumed>) = ? [pid 6953] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6950] +++ killed by SIGSEGV (core dumped) +++ [pid 6949] +++ killed by SIGSEGV (core dumped) +++ [pid 6953] <... openat resumed>) = 4 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=196, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 6953] ioctl(4, LOOP_SET_FD, 3 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 6956] <... write resumed>) = 2097152 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6958] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6956] munmap(0x7f7017800000, 138412032 [pid 6953] <... ioctl resumed>) = 0 [pid 6957] <... write resumed>) = 2097152 [pid 6956] <... munmap resumed>) = 0 [pid 6953] close(3) = 0 [pid 6953] close(4) = 0 [pid 6953] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6953] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6957] munmap(0x7f7017800000, 138412032 [pid 6956] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 438.928945][ T6953] loop1: detected capacity change from 0 to 4096 [pid 6956] ioctl(4, LOOP_SET_FD, 3 [pid 6957] <... munmap resumed>) = 0 [pid 6957] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6956] <... ioctl resumed>) = 0 [pid 6957] <... openat resumed>) = 4 [pid 6956] close(3 [pid 6957] ioctl(4, LOOP_SET_FD, 3 [pid 6956] <... close resumed>) = 0 [pid 6956] close(4) = 0 [pid 6956] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6956] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6958] <... write resumed>) = 2097152 [pid 6958] munmap(0x7f7017800000, 138412032) = 0 [ 438.973349][ T6956] loop2: detected capacity change from 0 to 4096 [ 438.996382][ T6957] loop4: detected capacity change from 0 to 4096 [pid 6958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6957] <... ioctl resumed>) = 0 [pid 6957] close(3 [pid 6958] close(3 [pid 6957] <... close resumed>) = 0 [pid 6958] <... close resumed>) = 0 [pid 6957] close(4) = 0 [pid 6958] close(4) = 0 [pid 6957] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6958] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6957] <... mkdir resumed>) = 0 [pid 6958] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 439.024695][ T6958] loop0: detected capacity change from 0 to 4096 [pid 6957] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./94/binderfs", [pid 6953] <... mount resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6953] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] unlink("./94/binderfs" [pid 6953] <... openat resumed>) = 3 [pid 5871] <... unlink resumed>) = 0 [pid 6953] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6953] <... chdir resumed>) = 0 [pid 5871] close(3 [pid 6953] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./94" [pid 6953] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] <... rmdir resumed>) = 0 [pid 6953] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6951] <... futex resumed>) = 0 [pid 5871] mkdir("./95", 0777 [pid 6953] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6951] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... mkdir resumed>) = 0 [pid 6951] <... futex resumed>) = 0 [pid 6951] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6953] <... openat resumed>) = 4 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 6957] <... mount resumed>) = 0 [pid 6953] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6953] <... futex resumed>) = 1 [pid 6951] <... futex resumed>) = 0 [pid 5871] <... ioctl resumed>) = 0 [pid 6951] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6951] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... openat resumed>) = 3 [pid 6953] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5871] close(3 [pid 6957] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6953] <... openat resumed>) = 5 [pid 6957] <... chdir resumed>) = 0 [pid 6957] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6953] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6951] <... futex resumed>) = 0 [pid 6953] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6951] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6953] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6951] <... futex resumed>) = 0 [pid 6951] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6956] <... mount resumed>) = 0 [pid 6956] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6953] <... write resumed>) = 1116 [pid 6956] <... openat resumed>) = 3 [pid 6956] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6956] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6957] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6956] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6952] <... futex resumed>) = 0 [pid 6953] <... futex resumed>) = 1 [pid 6957] <... futex resumed>) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6952] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] <... futex resumed>) = 0 [pid 6956] <... futex resumed>) = 0 [pid 6954] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] <... futex resumed>) = 1 [pid 6951] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6956] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6954] <... futex resumed>) = 0 [pid 6953] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6952] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... futex resumed>) = 0 [pid 6954] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] <... mmap resumed>) = 0x200000000000 [pid 6951] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6953] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6951] <... futex resumed>) = 0 [pid 6951] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6951] <... futex resumed>) = 0 [pid 6953] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6951] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... openat resumed>) = 4 [pid 6953] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6951] <... futex resumed>) = 0 [pid 6953] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6951] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] <... openat resumed>) = 4 [pid 6957] <... futex resumed>) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6958] <... mount resumed>) = 0 [pid 6957] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6954] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6956] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6956] <... futex resumed>) = 1 [pid 6952] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6952] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... openat resumed>) = 5 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6958] <... openat resumed>) = 3 [pid 6956] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6958] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6958] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6958] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6959 attached [pid 6957] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] <... openat resumed>) = 5 [pid 6955] <... futex resumed>) = 0 [pid 6959] set_robust_list(0x55557616a6a0, 24 [pid 6957] <... futex resumed>) = 1 [pid 6955] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 198 [pid 6954] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] <... set_robust_list resumed>) = 0 [pid 6958] <... futex resumed>) = 0 [pid 6957] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6956] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = 1 [pid 6958] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6959] chdir("./95" [pid 6957] <... write resumed>) = 1116 [pid 6956] <... futex resumed>) = 1 [pid 6955] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6952] <... futex resumed>) = 0 [pid 6959] <... chdir resumed>) = 0 [pid 6957] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6952] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6957] <... futex resumed>) = 1 [pid 6956] <... write resumed>) = 1116 [pid 6954] <... futex resumed>) = 0 [pid 6952] <... futex resumed>) = 0 [pid 6959] <... prctl resumed>) = 0 [pid 6957] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6956] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... mmap resumed>) = 0x200000000000 [pid 6956] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 0 [pid 6952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6956] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6954] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6952] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] <... mmap resumed>) = 0x200000000000 [pid 6952] <... futex resumed>) = 0 [pid 6959] setpgid(0, 0 [pid 6957] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] <... setpgid resumed>) = 0 [pid 6957] <... futex resumed>) = 1 [pid 6956] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 0 [pid 6952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6957] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6956] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... openat resumed>) = 3 [pid 6957] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6952] <... futex resumed>) = 0 [pid 6959] write(3, "1000", 4 [pid 6957] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6954] <... futex resumed>) = 0 [pid 6952] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] <... write resumed>) = 4 [pid 6957] <... futex resumed>) = 0 [pid 6956] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6954] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] close(3) = 0 [pid 6957] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6956] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6959] symlink("/dev/binderfs", "./binderfs" [pid 6957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6956] <... futex resumed>) = 1 [pid 6954] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] <... futex resumed>) = 0 [pid 6959] <... symlink resumed>) = 0 [pid 6957] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6956] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] <... futex resumed>) = 0 [pid 6952] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] write(1, "executing program\n", 18 [pid 6955] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6952] <... futex resumed>) = 0 executing program [pid 6959] <... write resumed>) = 18 [pid 6956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6955] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6959] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] <... openat resumed>) = 4 [pid 6956] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6955] <... futex resumed>) = 0 [pid 6959] <... futex resumed>) = 0 [pid 6955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6955] <... mmap resumed>) = 0x7f701fcd3000 [pid 6959] <... mmap resumed>) = 0x7f701fcf4000 [pid 6955] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE [pid 6959] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6955] <... mprotect resumed>) = 0 [pid 6959] <... mprotect resumed>) = 0 [pid 6955] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6959] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6958] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6959] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6958] <... futex resumed>) = 0 [pid 6955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} [pid 6959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6958] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6955] <... clone3 resumed> => {parent_tid=[197]}, 88) = 197 ./strace-static-x86_64: Process 6961 attached ./strace-static-x86_64: Process 6960 attached [pid 6959] <... clone3 resumed> => {parent_tid=[199]}, 88) = 199 [pid 6955] rt_sigprocmask(SIG_SETMASK, [], [pid 6960] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 6959] rt_sigprocmask(SIG_SETMASK, [], [pid 6955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6955] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... rseq resumed>) = 0 [pid 6959] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = 0 [pid 6960] set_robust_list(0x7f701fcf39a0, 24) = 0 [pid 6960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6960] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6959] <... futex resumed>) = 0 [pid 6955] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6959] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6961] <... rseq resumed>) = 0 [pid 6961] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6960] <... openat resumed>) = 5 [pid 6961] memfd_create("syzkaller", 0 [pid 6960] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6955] <... futex resumed>) = 0 [pid 6955] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6961] <... memfd_create resumed>) = 3 [pid 6958] <... futex resumed>) = 0 [pid 6955] <... futex resumed>) = 1 [pid 6958] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6955] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6958] <... write resumed>) = 1116 [pid 6961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6958] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6961] <... mmap resumed>) = 0x7f7017800000 [pid 6960] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6958] <... futex resumed>) = 1 [pid 6955] <... futex resumed>) = 0 [pid 6958] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6955] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] <... futex resumed>) = 0 [pid 6955] <... futex resumed>) = 1 [pid 6958] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6955] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6958] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6958] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6955] <... futex resumed>) = 0 [pid 6955] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6955] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6958] <... futex resumed>) = 0 [pid 6958] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6958] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6958] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6955] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] <... futex resumed>) = 0 [pid 6955] <... futex resumed>) = 1 [pid 6958] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6955] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6951] <... futex resumed>) = ? [pid 6953] +++ killed by SIGSEGV (core dumped) +++ [pid 6951] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=202, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6961] <... write resumed>) = 2097152 [pid 6961] munmap(0x7f7017800000, 138412032) = 0 [pid 6961] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6961] close(3) = 0 [pid 6961] close(4) = 0 [pid 6961] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6957] +++ killed by SIGSEGV (core dumped) +++ [pid 6954] +++ killed by SIGSEGV (core dumped) +++ [pid 6961] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=196, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [ 439.673296][ T6961] loop3: detected capacity change from 0 to 4096 [pid 5872] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6952] <... futex resumed>) = ? [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./94/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 6956] +++ killed by SIGSEGV (core dumped) +++ [pid 6952] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./94" [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=198, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./95", 0777 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] <... openat resumed>) = 3 [pid 5869] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5870] close(3 [pid 6961] <... mount resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 6961] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6961] <... openat resumed>) = 3 [pid 5869] getdents64(3, [pid 6961] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6961] <... chdir resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6961] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6961] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6959] <... futex resumed>) = 0 [pid 6959] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6961] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6959] <... futex resumed>) = 0 [pid 6959] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 6961] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6961] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6959] <... futex resumed>) = 0 [pid 6959] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6961] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6959] <... futex resumed>) = 0 [pid 6959] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6961] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6955] <... futex resumed>) = ? [pid 6961] <... mmap resumed>) = 0x200000000000 [pid 6961] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6959] <... futex resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6962 attached [pid 6959] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6962] set_robust_list(0x55557616a6a0, 24 [pid 6961] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 5872] <... umount2 resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 204 [pid 6962] <... set_robust_list resumed>) = 0 [pid 6962] chdir("./95" [pid 6961] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6959] <... futex resumed>) = 0 [pid 6961] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6959] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] <... chdir resumed>) = 0 [pid 6962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6962] setpgid(0, 0) = 0 [pid 6962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6962] write(3, "1000", 4 [pid 5872] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6962] <... write resumed>) = 4 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6962] close(3) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6962] write(1, "executing program\n", 18) = 18 [pid 6962] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] newfstatat(4, "", [pid 6962] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] getdents64(4, [pid 6962] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6960] <... futex resumed>) = ? [pid 5872] getdents64(4, [pid 6962] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6962] <... mprotect resumed>) = 0 [pid 6960] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] close(4 [pid 6958] +++ killed by SIGSEGV (core dumped) +++ [pid 6955] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=195, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5872] <... close resumed>) = 0 [pid 6962] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] rmdir("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6962] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5872] <... rmdir resumed>) = 0 [pid 6962] <... clone3 resumed> => {parent_tid=[205]}, 88) = 205 [pid 5872] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6962] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6963 attached [pid 6962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6962] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... openat resumed>) = 3 [pid 6962] <... futex resumed>) = 0 [pid 5868] newfstatat(3, "", [pid 6962] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] getdents64(3, [pid 5872] unlink("./94/binderfs" [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6963] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5872] <... unlink resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6963] <... rseq resumed>) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./94" [pid 6963] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 6963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] mkdir("./95", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 6963] memfd_create("syzkaller", 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 6963] <... memfd_create resumed>) = 3 [pid 6963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./95/binderfs"./strace-static-x86_64: Process 6964 attached ) = 0 [pid 5869] getdents64(3, [pid 6963] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 6964] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./95") = 0 [pid 6964] <... set_robust_list resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 198 [pid 6964] chdir("./95" [pid 5869] mkdir("./96", 0777 [pid 6964] <... chdir resumed>) = 0 [pid 6964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6964] setpgid(0, 0 [pid 5869] <... mkdir resumed>) = 0 [pid 6964] <... setpgid resumed>) = 0 [pid 6964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6964] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6964] write(3, "1000", 4 [pid 5869] <... ioctl resumed>) = 0 [pid 6964] <... write resumed>) = 4 [pid 5869] close(3executing program [pid 6964] close(3) = 0 [pid 6964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6964] write(1, "executing program\n", 18) = 18 [pid 6964] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6964] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[199]}, 88) = 199 [pid 6964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6964] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6964] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6965 attached [pid 5868] <... umount2 resumed>) = 0 [pid 6965] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5868] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6965] <... rseq resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6965] set_robust_list(0x7f701fd149a0, 24 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", [pid 6965] <... set_robust_list resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 6965] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x39\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./94/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./94") = 0 [pid 5868] mkdir("./95", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... openat resumed>) = 3 [pid 6965] memfd_create("syzkaller", 0 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6965] <... memfd_create resumed>) = 3 [pid 6965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... close resumed>) = 0 [pid 6965] <... mmap resumed>) = 0x7f7017800000 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... close resumed>) = 0 ./strace-static-x86_64: Process 6966 attached [pid 6963] <... write resumed>) = 2097152 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 200 [pid 6966] set_robust_list(0x55557616a6a0, 24 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6963] munmap(0x7f7017800000, 138412032 [pid 6966] <... set_robust_list resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 198 [pid 6966] chdir("./96"./strace-static-x86_64: Process 6967 attached [pid 6963] <... munmap resumed>) = 0 [pid 6966] <... chdir resumed>) = 0 [pid 6967] set_robust_list(0x55557616a6a0, 24 [pid 6966] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6967] <... set_robust_list resumed>) = 0 [pid 6966] <... prctl resumed>) = 0 [pid 6966] setpgid(0, 0 [pid 6967] chdir("./95" [pid 6966] <... setpgid resumed>) = 0 [pid 6966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6967] <... chdir resumed>) = 0 [pid 6965] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6963] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6967] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6966] <... openat resumed>) = 3 [pid 6963] <... openat resumed>) = 4 [pid 6966] write(3, "1000", 4 [pid 6967] <... prctl resumed>) = 0 [pid 6966] <... write resumed>) = 4 [pid 6963] ioctl(4, LOOP_SET_FD, 3 [pid 6967] setpgid(0, 0 [pid 6966] close(3executing program [pid 6967] <... setpgid resumed>) = 0 [pid 6966] <... close resumed>) = 0 [pid 6966] symlink("/dev/binderfs", "./binderfs" [pid 6967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6966] <... symlink resumed>) = 0 [pid 6967] <... openat resumed>) = 3 [pid 6966] write(1, "executing program\n", 18) = 18 [pid 6967] write(3, "1000", 4) = 4 [pid 6966] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... ioctl resumed>) = 0 [pid 6967] close(3 [pid 6966] <... futex resumed>) = 0 [pid 6967] <... close resumed>) = 0 [pid 6966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6963] close(3 [pid 6967] symlink("/dev/binderfs", "./binderfs" [pid 6966] <... mmap resumed>) = 0x7f701fcf4000 [pid 6963] <... close resumed>) = 0 [pid 6967] <... symlink resumed>) = 0 executing program [pid 6963] close(4 [pid 6966] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6967] write(1, "executing program\n", 18 [pid 6963] <... close resumed>) = 0 [pid 6967] <... write resumed>) = 18 [pid 6966] <... mprotect resumed>) = 0 [pid 6965] <... write resumed>) = 2097152 [pid 6963] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6959] <... futex resumed>) = ? [pid 6967] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6963] <... mkdir resumed>) = 0 [pid 6967] <... futex resumed>) = 0 [pid 6963] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6966] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6967] <... mmap resumed>) = 0x7f701fcf4000 [pid 6966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6968 attached [pid 6967] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6966] <... clone3 resumed> => {parent_tid=[201]}, 88) = 201 [pid 6967] <... mprotect resumed>) = 0 [pid 6966] rt_sigprocmask(SIG_SETMASK, [], [pid 6965] munmap(0x7f7017800000, 138412032 [pid 6968] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6967] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6966] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 440.257735][ T6963] loop1: detected capacity change from 0 to 4096 [pid 6968] <... rseq resumed>) = 0 [pid 6967] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6966] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... munmap resumed>) = 0 [pid 6961] +++ killed by SIGSEGV (core dumped) +++ [pid 6959] +++ killed by SIGSEGV (core dumped) +++ [pid 6968] set_robust_list(0x7f701fd149a0, 24 [pid 6967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6966] <... futex resumed>) = 0 [pid 6968] <... set_robust_list resumed>) = 0 [pid 6966] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6968] rt_sigprocmask(SIG_SETMASK, [], [pid 6967] <... clone3 resumed> => {parent_tid=[199]}, 88) = 199 [pid 6968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6967] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=198, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- ./strace-static-x86_64: Process 6969 attached [pid 6968] memfd_create("syzkaller", 0 [pid 6967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6969] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6968] <... memfd_create resumed>) = 3 [pid 6967] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... rseq resumed>) = 0 [pid 6968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6967] <... futex resumed>) = 0 [pid 6969] set_robust_list(0x7f701fd149a0, 24 [pid 6968] <... mmap resumed>) = 0x7f7017800000 [pid 6969] <... set_robust_list resumed>) = 0 [pid 6967] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6969] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6969] memfd_create("syzkaller", 0 [pid 5871] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6969] <... memfd_create resumed>) = 3 [pid 5871] <... openat resumed>) = 3 [pid 6969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6965] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6965] close(3) = 0 [pid 6965] close(4) = 0 [pid 6965] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6965] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6968] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6969] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6963] <... mount resumed>) = 0 [ 440.359744][ T6965] loop4: detected capacity change from 0 to 4096 [pid 6963] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6963] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6963] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6963] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6962] <... futex resumed>) = 0 [pid 6963] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6962] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6963] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6962] <... futex resumed>) = 0 [pid 6962] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6963] <... openat resumed>) = 4 [pid 6963] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6962] <... futex resumed>) = 0 [pid 6962] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6963] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6962] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6968] <... write resumed>) = 2097152 [pid 6963] <... openat resumed>) = 5 [pid 6963] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] <... futex resumed>) = 0 [pid 6963] <... futex resumed>) = 1 [pid 6962] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6962] <... futex resumed>) = 0 [pid 6962] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6963] <... write resumed>) = 1116 [pid 6968] munmap(0x7f7017800000, 138412032 [pid 6963] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6962] <... futex resumed>) = 0 [pid 6963] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6962] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6963] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6962] <... futex resumed>) = 0 [pid 6963] <... mmap resumed>) = 0x200000000000 [pid 6968] <... munmap resumed>) = 0 [pid 6963] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... write resumed>) = 2097152 [pid 6963] <... futex resumed>) = 0 [pid 6962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... umount2 resumed>) = 0 [pid 6963] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6962] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6963] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6962] <... futex resumed>) = 0 [pid 6963] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6962] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6963] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6963] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6962] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6969] munmap(0x7f7017800000, 138412032 [pid 6963] <... futex resumed>) = 0 [pid 6962] <... futex resumed>) = 1 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6963] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6962] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 6968] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6968] <... openat resumed>) = 4 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 6968] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6969] <... munmap resumed>) = 0 [pid 6969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6969] ioctl(4, LOOP_SET_FD, 3 [pid 5871] unlink("./95/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6968] <... ioctl resumed>) = 0 [pid 6968] close(3) = 0 [pid 6968] close(4 [pid 5871] close(3 [pid 6968] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6968] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] rmdir("./95" [pid 6968] <... mkdir resumed>) = 0 [pid 6968] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... rmdir resumed>) = 0 [pid 6969] <... ioctl resumed>) = 0 [pid 5871] mkdir("./96", 0777 [pid 6969] close(3) = 0 [pid 6969] close(4) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 6969] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6969] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 440.533933][ T6968] loop2: detected capacity change from 0 to 4096 [ 440.550679][ T6969] loop0: detected capacity change from 0 to 4096 [pid 5871] close(3 [pid 6965] <... mount resumed>) = 0 [pid 6965] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6965] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6965] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6965] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6964] <... futex resumed>) = 0 [pid 6965] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6964] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6964] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6965] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6965] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6964] <... futex resumed>) = 0 [pid 6965] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6964] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 6965] <... openat resumed>) = 5 [pid 6964] <... futex resumed>) = 0 [pid 6965] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 6970 attached [pid 6964] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... futex resumed>) = 0 [pid 6964] <... futex resumed>) = 0 [pid 6970] set_robust_list(0x55557616a6a0, 24 [pid 6965] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6964] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 200 [pid 6970] <... set_robust_list resumed>) = 0 [pid 6965] <... write resumed>) = 1116 [pid 6965] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] chdir("./96" [pid 6965] <... futex resumed>) = 1 [pid 6964] <... futex resumed>) = 0 [pid 6970] <... chdir resumed>) = 0 [pid 6965] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6964] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6965] <... mmap resumed>) = 0x200000000000 [pid 6964] <... futex resumed>) = 0 [pid 6970] <... prctl resumed>) = 0 [pid 6965] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] setpgid(0, 0 [pid 6964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6965] <... futex resumed>) = 0 [pid 6970] <... setpgid resumed>) = 0 [pid 6964] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6964] <... futex resumed>) = 0 [pid 6970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6965] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6964] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... openat resumed>) = 3 [pid 6965] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] write(3, "1000", 4 [pid 6965] <... futex resumed>) = 1 [pid 6964] <... futex resumed>) = 0 [pid 6965] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6964] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6970] <... write resumed>) = 4 [pid 6965] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6964] <... futex resumed>) = 0 [pid 6970] close(3 [pid 6965] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6964] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... close resumed>) = 0 [pid 6970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6970] write(1, "executing program\n", 18executing program ) = 18 [pid 6970] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6970] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6971 attached => {parent_tid=[201]}, 88) = 201 [pid 6971] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6970] rt_sigprocmask(SIG_SETMASK, [], [pid 6971] <... rseq resumed>) = 0 [pid 6971] set_robust_list(0x7f701fd149a0, 24 [pid 6970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6971] <... set_robust_list resumed>) = 0 [pid 6970] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] rt_sigprocmask(SIG_SETMASK, [], [pid 6970] <... futex resumed>) = 0 [pid 6971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6970] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6971] memfd_create("syzkaller", 0 [pid 6968] <... mount resumed>) = 0 [pid 6968] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6971] <... memfd_create resumed>) = 3 [pid 6971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6968] <... openat resumed>) = 3 [pid 6971] <... mmap resumed>) = 0x7f7017800000 [pid 6968] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6968] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6968] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... mount resumed>) = 0 [pid 6968] <... futex resumed>) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6968] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6966] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6966] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6968] <... futex resumed>) = 0 [pid 6969] <... openat resumed>) = 3 [pid 6968] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6969] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6968] <... openat resumed>) = 4 [pid 6969] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... futex resumed>) = 1 [pid 6968] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6967] <... futex resumed>) = 0 [pid 6969] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6967] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = 0 [pid 6967] <... futex resumed>) = 1 [pid 6969] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6968] <... openat resumed>) = 5 [pid 6967] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6968] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6968] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6968] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] <... futex resumed>) = 0 [pid 6966] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6966] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... openat resumed>) = 4 [pid 6968] <... futex resumed>) = 1 [pid 6969] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6962] <... futex resumed>) = ? [pid 6969] <... futex resumed>) = 1 [pid 6967] <... futex resumed>) = 0 [pid 6967] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6967] <... futex resumed>) = 0 [pid 6968] <... mmap resumed>) = 0x200000000000 [pid 6967] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = 1 [pid 6969] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6968] <... futex resumed>) = 1 [pid 6967] <... futex resumed>) = 0 [pid 6966] <... futex resumed>) = 0 [pid 6968] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6967] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = 0 [pid 6968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6967] <... futex resumed>) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6969] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6968] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6967] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6966] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... write resumed>) = 1116 [pid 6968] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6968] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6969] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6966] <... futex resumed>) = 0 [pid 6969] <... futex resumed>) = 1 [pid 6967] <... futex resumed>) = 0 [pid 6966] ???( [pid 6971] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6969] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6967] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... mmap resumed>) = 0x200000000000 [pid 6967] <... futex resumed>) = 0 [pid 6963] +++ killed by SIGSEGV (core dumped) +++ [pid 6962] +++ killed by SIGSEGV (core dumped) +++ [pid 6969] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6967] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=204, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 6969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6967] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6969] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6967] <... futex resumed>) = 0 [pid 6969] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6967] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6967] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6967] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... futex resumed>) = 1 [pid 6967] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6967] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=38000000} [pid 6969] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... openat resumed>) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6971] <... write resumed>) = 2097152 [pid 6971] munmap(0x7f7017800000, 138412032) = 0 [pid 6971] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6971] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./95/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./95") = 0 [pid 5870] mkdir("./96", 0777) = 0 [ 441.101416][ T6971] loop3: detected capacity change from 0 to 4096 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6972 attached [pid 6972] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6972] chdir("./96" [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 206 [pid 6972] <... chdir resumed>) = 0 [pid 6972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6972] setpgid(0, 0 [pid 6971] <... ioctl resumed>) = 0 [pid 6971] close(3) = 0 [pid 6971] close(4) = 0 [pid 6971] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6972] <... setpgid resumed>) = 0 [pid 6971] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6972] write(3, "1000", 4) = 4 [pid 6972] close(3) = 0 [pid 6972] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6972] write(1, "executing program\n", 18) = 18 [pid 6972] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6972] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[207]}, 88) = 207 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6972] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6973 attached [pid 6972] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6973] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6973] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6964] <... futex resumed>) = ? [pid 6973] rt_sigprocmask(SIG_SETMASK, [], [pid 6965] +++ killed by SIGSEGV (core dumped) +++ [pid 6973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] memfd_create("syzkaller", 0 [pid 6964] +++ killed by SIGSEGV (core dumped) +++ [pid 6973] <... memfd_create resumed>) = 3 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=198, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6973] <... mmap resumed>) = 0x7f7017800000 [pid 5872] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6971] <... mount resumed>) = 0 [pid 6971] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6971] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6971] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6971] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6971] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6967] <... futex resumed>) = ? [pid 6970] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = 0 [pid 6970] <... futex resumed>) = 1 [pid 6971] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6970] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] +++ killed by SIGSEGV (core dumped) +++ [pid 6967] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=198, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6971] <... openat resumed>) = 4 [pid 6971] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6971] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6970] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6970] <... futex resumed>) = 0 [pid 6970] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6971] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6973] <... write resumed>) = 2097152 [pid 6973] munmap(0x7f7017800000, 138412032 [pid 6971] <... openat resumed>) = 5 [pid 6971] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... munmap resumed>) = 0 [pid 6971] <... futex resumed>) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6966] <... ??? resumed>) = ? [pid 5872] <... umount2 resumed>) = 0 [pid 6971] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6970] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... write resumed>) = 1116 [pid 6970] <... futex resumed>) = 0 [pid 6970] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6973] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6971] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] +++ killed by SIGSEGV (core dumped) +++ [pid 6966] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6971] <... futex resumed>) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6971] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=200, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 6970] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6970] <... futex resumed>) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 6970] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6971] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6973] <... openat resumed>) = 4 [pid 6971] <... mmap resumed>) = 0x200000000000 [pid 5872] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6973] ioctl(4, LOOP_SET_FD, 3 [pid 6971] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... restart_syscall resumed>) = 0 [pid 6973] <... ioctl resumed>) = 0 [pid 6971] <... futex resumed>) = 1 [pid 6970] <... futex resumed>) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6970] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] newfstatat(4, "", [pid 5869] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6970] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6971] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5872] getdents64(4, [pid 5869] <... openat resumed>) = 3 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] newfstatat(3, "", [pid 5872] getdents64(4, [pid 6971] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] close(4 [pid 5869] getdents64(3, [pid 6971] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... close resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6971] <... futex resumed>) = 1 [pid 6970] <... futex resumed>) = 0 [pid 6971] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6970] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = 0 [pid 6970] <... futex resumed>) = 1 [pid 5872] rmdir("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6971] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6970] ???( [pid 5872] <... rmdir resumed>) = 0 [pid 5872] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./95/binderfs", [pid 5868] <... umount2 resumed>) = 0 [pid 6973] close(3 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./95/binderfs") = 0 [pid 5872] getdents64(3, [pid 5868] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... close resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] rmdir("./95" [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5872] mkdir("./96", 0777 [pid 5868] umount2("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6973] <... close resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 6973] close(4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 441.558180][ T6973] loop1: detected capacity change from 0 to 4096 [pid 6973] <... close resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... openat resumed>) = 3 [pid 6973] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5868] <... openat resumed>) = 4 [pid 6973] <... mkdir resumed>) = 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 5872] close(3 [pid 6973] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x39\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./95/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] rmdir("./95") = 0 [pid 5868] mkdir("./96", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6974 attached [pid 6974] set_robust_list(0x55557616a6a0, 24 [pid 5869] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 200 [pid 6974] <... set_robust_list resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6974] chdir("./96" [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6974] <... chdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6974] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6974] <... prctl resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6974] setpgid(0, 0 [pid 5869] <... openat resumed>) = 4 [pid 6974] <... setpgid resumed>) = 0 [pid 5869] newfstatat(4, "", [pid 6974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6974] <... openat resumed>) = 3 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 6974] write(3, "1000", 4 [pid 5869] close(4 [pid 6974] <... write resumed>) = 4 [pid 5869] <... close resumed>) = 0 [pid 6974] close(3 [pid 5869] rmdir("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6974] <... close resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 6974] symlink("/dev/binderfs", "./binderfs" [pid 5869] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6974] <... symlink resumed>) = 0 executing program [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6974] write(1, "executing program\n", 18 [pid 5869] newfstatat(AT_FDCWD, "./96/binderfs", [pid 6974] <... write resumed>) = 18 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6974] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] unlink("./96/binderfs" [pid 6974] <... futex resumed>) = 0 [pid 6974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] <... unlink resumed>) = 0 [pid 6974] <... mmap resumed>) = 0x7f701fcf4000 [pid 5869] getdents64(3, [pid 6974] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6974] <... mprotect resumed>) = 0 [pid 6974] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] close(3 [pid 6974] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[201]}, 88) = 201 [pid 6974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6974] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6975 attached [pid 6974] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./96") = 0 [pid 6975] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5869] mkdir("./97", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 6975] <... rseq resumed>) = 0 [pid 6975] set_robust_list(0x7f701fd149a0, 24 [pid 5868] <... close resumed>) = 0 [pid 6975] <... set_robust_list resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6975] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6976 attached NULL, 8) = 0 [pid 6976] set_robust_list(0x55557616a6a0, 24 [pid 6975] memfd_create("syzkaller", 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 200 [pid 6976] <... set_robust_list resumed>) = 0 [pid 6976] chdir("./96" [pid 6975] <... memfd_create resumed>) = 3 [pid 6976] <... chdir resumed>) = 0 [pid 6975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6976] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6975] <... mmap resumed>) = 0x7f7017800000 [pid 6973] <... mount resumed>) = 0 [pid 6973] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6976] <... prctl resumed>) = 0 [pid 6973] <... openat resumed>) = 3 [pid 6973] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6976] setpgid(0, 0 [pid 6973] <... chdir resumed>) = 0 [pid 6973] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6976] <... setpgid resumed>) = 0 [pid 6976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6973] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6973] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] <... openat resumed>) = 3 [pid 6973] <... futex resumed>) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... close resumed>) = 0 [pid 6976] write(3, "1000", 4 [pid 6973] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6976] <... write resumed>) = 4 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6976] close(3) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 202 [pid 6976] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 6977 attached executing program [pid 6977] set_robust_list(0x55557616a6a0, 24 [pid 6976] <... symlink resumed>) = 0 [pid 6973] <... openat resumed>) = 4 [pid 6976] write(1, "executing program\n", 18) = 18 [pid 6973] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6977] <... set_robust_list resumed>) = 0 [pid 6972] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] chdir("./97" [pid 6976] <... futex resumed>) = 0 [pid 6973] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6972] <... futex resumed>) = 0 [pid 6977] <... chdir resumed>) = 0 [pid 6977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6977] setpgid(0, 0) = 0 [pid 6976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6972] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6976] <... mmap resumed>) = 0x7f701fcf4000 [pid 6977] <... openat resumed>) = 3 [pid 6976] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6977] write(3, "1000", 4) = 4 [pid 6977] close(3) = 0 [pid 6977] symlink("/dev/binderfs", "./binderfs" [pid 6976] <... mprotect resumed>) = 0 [pid 6973] <... openat resumed>) = 5 [pid 6976] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6973] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6977] <... symlink resumed>) = 0 [pid 6977] write(1, "executing program\n", 18) = 18 [pid 6976] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6975] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6973] <... futex resumed>) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6973] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6972] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6978 attached [pid 6977] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... futex resumed>) = 0 [pid 6977] <... futex resumed>) = 0 [pid 6972] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6973] <... write resumed>) = 1116 [pid 6978] <... rseq resumed>) = 0 [pid 6973] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] set_robust_list(0x7f701fd149a0, 24 [pid 6973] <... futex resumed>) = 1 [pid 6978] <... set_robust_list resumed>) = 0 [pid 6972] <... futex resumed>) = 0 [pid 6978] rt_sigprocmask(SIG_SETMASK, [], [pid 6977] <... mmap resumed>) = 0x7f701fcf4000 [pid 6972] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6977] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6972] <... futex resumed>) = 0 [pid 6978] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6977] <... mprotect resumed>) = 0 [pid 6976] <... clone3 resumed> => {parent_tid=[201]}, 88) = 201 [pid 6972] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6977] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6973] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6977] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[203]}, 88) = 203 [pid 6977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6977] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6979 attached ) = 0 [pid 6976] rt_sigprocmask(SIG_SETMASK, [], [pid 6973] <... mmap resumed>) = 0x200000000000 [pid 6976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6973] <... futex resumed>) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6978] <... futex resumed>) = 0 [pid 6976] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6973] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6977] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6979] <... rseq resumed>) = 0 [pid 6979] set_robust_list(0x7f701fd149a0, 24 [pid 6978] memfd_create("syzkaller", 0 [pid 6973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6972] <... futex resumed>) = 0 [pid 6972] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] <... set_robust_list resumed>) = 0 [pid 6979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6979] memfd_create("syzkaller", 0 [pid 6978] <... memfd_create resumed>) = 3 [pid 6973] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6970] <... ??? resumed>) = ? [pid 6979] <... memfd_create resumed>) = 3 [pid 6973] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6973] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... mmap resumed>) = 0x7f7017800000 [pid 6978] <... mmap resumed>) = 0x7f7017800000 [pid 6973] <... futex resumed>) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6973] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6972] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6971] +++ killed by SIGSEGV (core dumped) +++ [pid 6970] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=200, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5871] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6975] <... write resumed>) = 2097152 [pid 6975] munmap(0x7f7017800000, 138412032 [pid 6979] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6978] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6975] <... munmap resumed>) = 0 [pid 6975] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6975] close(3) = 0 [pid 6975] close(4) = 0 [pid 6975] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6975] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6979] <... write resumed>) = 2097152 [pid 6978] <... write resumed>) = 2097152 [pid 6979] munmap(0x7f7017800000, 138412032 [pid 6978] munmap(0x7f7017800000, 138412032) = 0 [ 442.016788][ T6975] loop4: detected capacity change from 0 to 4096 [pid 6979] <... munmap resumed>) = 0 [pid 6979] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6979] ioctl(4, LOOP_SET_FD, 3 [pid 6978] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] <... umount2 resumed>) = 0 [pid 6978] <... openat resumed>) = 4 [pid 6978] ioctl(4, LOOP_SET_FD, 3 [pid 6979] <... ioctl resumed>) = 0 [pid 6979] close(3) = 0 [pid 6979] close(4) = 0 [pid 6979] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 6979] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6978] <... ioctl resumed>) = 0 [pid 6978] close(3 [pid 5871] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6978] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6978] close(4) = 0 [pid 6978] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6978] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 442.084556][ T6979] loop2: detected capacity change from 0 to 4096 [ 442.097711][ T6978] loop0: detected capacity change from 0 to 4096 [pid 5871] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./96/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./96") = 0 [pid 5871] mkdir("./97", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6975] <... mount resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6975] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6975] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6975] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 202 ./strace-static-x86_64: Process 6980 attached [pid 6980] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6975] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6980] chdir("./97" [pid 6975] <... futex resumed>) = 1 [pid 6974] <... futex resumed>) = 0 [pid 6980] <... chdir resumed>) = 0 [pid 6975] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6980] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6974] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6980] <... prctl resumed>) = 0 [pid 6975] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6980] setpgid(0, 0) = 0 [pid 6980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6980] write(3, "1000", 4) = 4 [pid 6972] <... futex resumed>) = ? [pid 6980] close(3) = 0 [pid 6980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6980] write(1, "executing program\n", 18 [pid 6975] <... openat resumed>) = 4 executing program [pid 6980] <... write resumed>) = 18 [pid 6980] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6980] <... futex resumed>) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6975] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6980] <... mmap resumed>) = 0x7f701fcf4000 [pid 6975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6974] <... futex resumed>) = 0 [pid 6980] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6975] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6974] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6980] <... mprotect resumed>) = 0 [pid 6980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6975] <... openat resumed>) = 5 [pid 6980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6981 attached => {parent_tid=[203]}, 88) = 203 [pid 6973] +++ killed by SIGSEGV (core dumped) +++ [pid 6972] +++ killed by SIGSEGV (core dumped) +++ [pid 6975] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6981] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6980] rt_sigprocmask(SIG_SETMASK, [], [pid 6979] <... mount resumed>) = 0 [pid 6978] <... mount resumed>) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6974] <... futex resumed>) = 0 [pid 6981] <... rseq resumed>) = 0 [pid 6980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6979] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6978] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6975] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6974] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=206, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 6981] set_robust_list(0x7f701fd149a0, 24 [pid 6980] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... openat resumed>) = 3 [pid 6978] <... openat resumed>) = 3 [pid 6975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6974] <... futex resumed>) = 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 6981] <... set_robust_list resumed>) = 0 [pid 6978] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6981] rt_sigprocmask(SIG_SETMASK, [], [pid 6980] <... futex resumed>) = 0 [pid 6978] <... chdir resumed>) = 0 [pid 6974] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5870] <... restart_syscall resumed>) = 0 [pid 6981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6978] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6975] <... write resumed>) = 1116 [pid 6980] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6981] memfd_create("syzkaller", 0 [pid 6978] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6981] <... memfd_create resumed>) = 3 [pid 6979] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6978] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6979] <... chdir resumed>) = 0 [pid 6978] <... futex resumed>) = 1 [pid 6976] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6976] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] <... futex resumed>) = 1 [pid 6976] <... futex resumed>) = 0 [pid 6975] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6979] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6978] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6976] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6974] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 6981] <... mmap resumed>) = 0x7f7017800000 [pid 6979] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6975] <... futex resumed>) = 0 [pid 6974] <... futex resumed>) = 1 [pid 6979] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6974] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(3, "", [pid 6979] <... futex resumed>) = 1 [pid 6978] <... openat resumed>) = 4 [pid 6977] <... futex resumed>) = 0 [pid 6975] <... mmap resumed>) = 0x200000000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 6979] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6977] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 6977] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6977] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6978] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] <... futex resumed>) = 1 [pid 6976] <... futex resumed>) = 0 [pid 6974] <... futex resumed>) = 0 [pid 6975] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6976] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6976] <... futex resumed>) = 0 [pid 6974] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] <... openat resumed>) = 5 [pid 6976] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6978] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] <... futex resumed>) = 1 [pid 6978] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6979] <... openat resumed>) = 4 [pid 6976] <... futex resumed>) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6974] <... futex resumed>) = 0 [pid 6975] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6976] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] <... futex resumed>) = 0 [pid 6976] <... futex resumed>) = 1 [pid 6975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6974] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6974] <... futex resumed>) = 0 [pid 6979] <... futex resumed>) = 1 [pid 6978] <... write resumed>) = 1116 [pid 6977] <... futex resumed>) = 0 [pid 6974] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] <... futex resumed>) = 0 [pid 6977] <... futex resumed>) = 0 [pid 6978] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6977] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6976] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6979] <... openat resumed>) = 5 [pid 6976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6979] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] <... futex resumed>) = 0 [pid 6976] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6977] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] <... futex resumed>) = 1 [pid 6979] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6978] <... futex resumed>) = 0 [pid 6976] <... futex resumed>) = 1 [pid 6976] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6979] <... write resumed>) = 1116 [pid 6978] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6978] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6979] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6979] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6977] <... futex resumed>) = 0 [pid 6977] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... futex resumed>) = 0 [pid 6977] <... futex resumed>) = 1 [pid 6979] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6979] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6979] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6977] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6977] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6979] <... futex resumed>) = 0 [pid 6979] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6977] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6977] <... futex resumed>) = 0 [pid 6977] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6977] <... futex resumed>) = 0 [pid 6976] <... futex resumed>) = 0 [pid 6981] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6976] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] <... futex resumed>) = 0 [pid 6976] <... futex resumed>) = 1 [pid 6978] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 6976] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6978] <... futex resumed>) = 0 [pid 6976] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6981] <... write resumed>) = 2097152 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, [pid 6981] munmap(0x7f7017800000, 138412032 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./96/binderfs", [pid 6981] <... munmap resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6981] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] unlink("./96/binderfs" [pid 6981] <... openat resumed>) = 4 [pid 5870] <... unlink resumed>) = 0 [pid 6981] ioctl(4, LOOP_SET_FD, 3 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./96") = 0 [pid 5870] mkdir("./97", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 6981] <... ioctl resumed>) = 0 [pid 6981] close(3 [pid 5870] <... ioctl resumed>) = 0 [pid 6981] <... close resumed>) = 0 [pid 5870] close(3 [pid 6981] close(4) = 0 [pid 6981] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 442.566397][ T6981] loop3: detected capacity change from 0 to 4096 [pid 6981] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6982 attached [pid 6982] set_robust_list(0x55557616a6a0, 24 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 208 [pid 6982] <... set_robust_list resumed>) = 0 [pid 6982] chdir("./97") = 0 [pid 6982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6982] setpgid(0, 0) = 0 [pid 6982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6982] write(3, "1000", 4) = 4 [pid 6982] close(3) = 0 [pid 6982] symlink("/dev/binderfs", "./binderfs" [pid 6974] <... futex resumed>) = ? [pid 6982] <... symlink resumed>) = 0 [pid 6982] write(1, "executing program\n", 18executing program ) = 18 [pid 6982] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] +++ killed by SIGSEGV (core dumped) +++ [pid 6974] +++ killed by SIGSEGV (core dumped) +++ [pid 6982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=200, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 6982] <... mmap resumed>) = 0x7f701fcf4000 [pid 6982] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5872] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6982] <... mprotect resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6982] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 6982] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6981] <... mount resumed>) = 0 [pid 6982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6983 attached [pid 5872] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6982] <... clone3 resumed> => {parent_tid=[209]}, 88) = 209 [pid 6983] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6982] rt_sigprocmask(SIG_SETMASK, [], [pid 6981] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6983] <... rseq resumed>) = 0 [pid 6982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6981] <... openat resumed>) = 3 [pid 6982] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] set_robust_list(0x7f701fd149a0, 24 [pid 6981] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6983] <... set_robust_list resumed>) = 0 [pid 6983] rt_sigprocmask(SIG_SETMASK, [], [pid 6981] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6981] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] memfd_create("syzkaller", 0 [pid 6982] <... futex resumed>) = 0 [pid 6981] <... futex resumed>) = 1 [pid 6980] <... futex resumed>) = 0 [pid 6980] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] <... memfd_create resumed>) = 3 [pid 6982] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6981] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6980] <... futex resumed>) = 0 [pid 6983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6980] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6983] <... mmap resumed>) = 0x7f7017800000 [pid 6981] <... openat resumed>) = 4 [pid 6981] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6980] <... futex resumed>) = 0 [pid 6981] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6980] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6980] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6981] <... openat resumed>) = 5 [pid 6981] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6980] <... futex resumed>) = 0 [pid 6981] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6980] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6981] <... write resumed>) = 1116 [pid 6981] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6980] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6981] <... futex resumed>) = 0 [pid 6981] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6980] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6981] <... futex resumed>) = 0 [pid 6980] <... futex resumed>) = 1 [pid 6981] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6980] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6981] <... mmap resumed>) = 0x200000000000 [pid 6981] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6980] <... futex resumed>) = 0 [pid 6981] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6980] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6980] <... futex resumed>) = 0 [pid 6981] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6980] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6981] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6981] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6980] <... futex resumed>) = 0 [pid 6981] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6980] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] +++ killed by SIGSEGV (core dumped) +++ [pid 6977] +++ killed by SIGSEGV (core dumped) +++ [pid 6981] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6980] <... futex resumed>) = 0 [pid 6980] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=202, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5869] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6983] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [pid 6976] <... futex resumed>) = ? [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 6983] <... write resumed>) = 2097152 [pid 5872] rmdir("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6983] munmap(0x7f7017800000, 138412032 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6983] <... munmap resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "./96/binderfs", [pid 6983] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6983] <... openat resumed>) = 4 [pid 6983] ioctl(4, LOOP_SET_FD, 3 [pid 6978] +++ killed by SIGSEGV (core dumped) +++ [pid 6976] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] unlink("./96/binderfs" [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=200, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5872] <... unlink resumed>) = 0 [pid 5868] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] getdents64(3, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] close(3 [pid 5868] <... openat resumed>) = 3 [pid 5872] <... close resumed>) = 0 [pid 5868] newfstatat(3, "", [pid 5872] rmdir("./96" [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 5872] <... rmdir resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] mkdir("./97", 0777 [pid 5868] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6983] <... ioctl resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 6983] close(3) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6983] close(4) = 0 [pid 5872] <... openat resumed>) = 3 [pid 6983] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 6983] <... mkdir resumed>) = 0 [pid 5872] <... ioctl resumed>) = 0 [pid 6983] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] close(3 [pid 5869] <... umount2 resumed>) = 0 [ 442.937196][ T6983] loop1: detected capacity change from 0 to 4096 [pid 5869] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38"./strace-static-x86_64: Process 6984 attached ) = 0 [pid 5869] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6984] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6984] <... set_robust_list resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6984] chdir("./97") = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6984] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 202 [pid 5869] unlink("./97/binderfs" [pid 6984] <... prctl resumed>) = 0 [pid 6984] setpgid(0, 0 [pid 5869] <... unlink resumed>) = 0 [pid 6984] <... setpgid resumed>) = 0 [pid 5869] getdents64(3, [pid 6984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 6984] <... openat resumed>) = 3 [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./97" [pid 6984] write(3, "1000", 4) = 4 [pid 5869] <... rmdir resumed>) = 0 [pid 6984] close(3 [pid 5869] mkdir("./98", 0777 [pid 5868] <... umount2 resumed>) = 0 [pid 6984] <... close resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 6984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6984] write(1, "executing program\n", 18 [pid 5869] <... openat resumed>) = 3 executing program [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6984] <... write resumed>) = 18 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6984] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... ioctl resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6984] <... futex resumed>) = 0 [pid 5869] close(3 [pid 5868] umount2("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6984] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6984] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6984] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] getdents64(4, [pid 6984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6985 attached [pid 5868] close(4) = 0 [pid 6985] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5868] rmdir("\x2e\x2f\x39\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6985] <... rseq resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 6985] set_robust_list(0x7f701fd149a0, 24 [pid 6984] <... clone3 resumed> => {parent_tid=[203]}, 88) = 203 [pid 5868] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6985] <... set_robust_list resumed>) = 0 [pid 6984] rt_sigprocmask(SIG_SETMASK, [], [pid 6985] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6980] <... futex resumed>) = ? [pid 5868] newfstatat(AT_FDCWD, "./96/binderfs", [pid 6985] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6981] +++ killed by SIGSEGV (core dumped) +++ [pid 6980] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... close resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6984] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] unlink("./96/binderfs" [pid 6985] <... futex resumed>) = 0 [pid 6984] <... futex resumed>) = 1 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=202, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- ./strace-static-x86_64: Process 6986 attached [pid 6985] memfd_create("syzkaller", 0 [pid 6984] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... unlink resumed>) = 0 [pid 6986] set_robust_list(0x55557616a6a0, 24 [pid 6985] <... memfd_create resumed>) = 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 204 [pid 5868] getdents64(3, [pid 6986] <... set_robust_list resumed>) = 0 [pid 6985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5868] close(3 [pid 5871] newfstatat(3, "", [pid 5868] <... close resumed>) = 0 [pid 6986] chdir("./98" [pid 6985] <... mmap resumed>) = 0x7f7017800000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] rmdir("./96" [pid 5871] getdents64(3, [pid 5868] <... rmdir resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] mkdir("./97", 0777 [pid 5871] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 6986] <... chdir resumed>) = 0 [pid 6983] <... mount resumed>) = 0 [pid 6983] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6986] setpgid(0, 0) = 0 [pid 6986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6986] write(3, "1000", 4) = 4 [pid 6986] close(3) = 0 [pid 6986] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6986] write(1, "executing program\n", 18) = 18 [pid 6986] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] <... openat resumed>) = 3 [pid 6986] <... futex resumed>) = 0 [pid 6986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6986] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6983] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6986] <... mprotect resumed>) = 0 [pid 6986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6983] <... chdir resumed>) = 0 [pid 6983] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6986] <... clone3 resumed> => {parent_tid=[205]}, 88) = 205 ./strace-static-x86_64: Process 6987 attached [pid 6986] rt_sigprocmask(SIG_SETMASK, [], [pid 6983] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6987] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6983] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6986] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6986] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6983] <... futex resumed>) = 1 [pid 6982] <... futex resumed>) = 0 [pid 6987] <... rseq resumed>) = 0 [pid 6983] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6982] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 6987] set_robust_list(0x7f701fd149a0, 24 [pid 6983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6982] <... futex resumed>) = 0 [pid 6987] <... set_robust_list resumed>) = 0 [pid 6983] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6982] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6988 attached [pid 6987] memfd_create("syzkaller", 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 202 [pid 6988] set_robust_list(0x55557616a6a0, 24 [pid 6987] <... memfd_create resumed>) = 3 [pid 6983] <... openat resumed>) = 4 [pid 6983] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6988] <... set_robust_list resumed>) = 0 [pid 6988] chdir("./97" [pid 6987] <... mmap resumed>) = 0x7f7017800000 [pid 6985] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6983] <... futex resumed>) = 1 [pid 6982] <... futex resumed>) = 0 [pid 6988] <... chdir resumed>) = 0 [pid 6983] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6982] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6982] <... futex resumed>) = 0 [pid 6988] <... prctl resumed>) = 0 [pid 6982] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] setpgid(0, 0) = 0 [pid 6988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6988] write(3, "1000", 4executing program ) = 4 [pid 6983] <... openat resumed>) = 5 [pid 6988] close(3) = 0 [pid 6988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6988] write(1, "executing program\n", 18) = 18 [pid 6988] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6988] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[203]}, 88) = 203 [pid 6983] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] rt_sigprocmask(SIG_SETMASK, [], [pid 6983] <... futex resumed>) = 1 [pid 6982] <... futex resumed>) = 0 [pid 6982] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6982] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6989 attached [pid 6988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6989] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6988] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6982] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... futex resumed>) = 0 [pid 6988] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6983] <... write resumed>) = 1116 [pid 6989] <... rseq resumed>) = 0 [pid 6983] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6989] rt_sigprocmask(SIG_SETMASK, [], [pid 6983] <... futex resumed>) = 1 [pid 6982] <... futex resumed>) = 0 [pid 6983] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6982] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6982] <... futex resumed>) = 0 [pid 6983] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6982] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6983] <... mmap resumed>) = 0x200000000000 [pid 6989] memfd_create("syzkaller", 0 [pid 6983] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6982] <... futex resumed>) = 0 [pid 6983] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6982] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6983] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6983] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6982] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6983] <... futex resumed>) = 0 [pid 6982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6983] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6982] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6982] <... futex resumed>) = 0 [pid 6983] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6982] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] <... memfd_create resumed>) = 3 [pid 6989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6987] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6985] <... write resumed>) = 2097152 [pid 6985] munmap(0x7f7017800000, 138412032) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 6985] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6985] ioctl(4, LOOP_SET_FD, 3 [pid 5871] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 6985] <... ioctl resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 6989] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6985] close(3 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 6985] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6985] close(4 [pid 5871] rmdir("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6985] <... close resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6985] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6985] <... mkdir resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./97/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./97" [pid 6985] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... rmdir resumed>) = 0 [pid 5871] mkdir("./98", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 443.379416][ T6985] loop4: detected capacity change from 0 to 4096 [pid 5871] close(3 [pid 6987] <... write resumed>) = 2097152 [pid 6987] munmap(0x7f7017800000, 138412032 [pid 5871] <... close resumed>) = 0 [pid 6987] <... munmap resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6990 attached [pid 6987] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6990] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6987] <... openat resumed>) = 4 [pid 6990] chdir("./98" [pid 6987] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 204 [pid 6990] <... chdir resumed>) = 0 [pid 6990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6990] setpgid(0, 0) = 0 [pid 6990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6989] <... write resumed>) = 2097152 [pid 6985] <... mount resumed>) = 0 [pid 6990] write(3, "1000", 4 [pid 6985] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6985] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6985] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6985] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6985] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] <... write resumed>) = 4 [pid 6990] close(3) = 0 [pid 6989] munmap(0x7f7017800000, 138412032 [pid 6984] <... futex resumed>) = 0 [pid 6990] symlink("/dev/binderfs", "./binderfs" [pid 6984] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... symlink resumed>) = 0 [pid 6985] <... futex resumed>) = 0 [pid 6984] <... futex resumed>) = 1 [pid 6985] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6984] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6990] write(1, "executing program\n", 18executing program ) = 18 [pid 6990] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6990] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [ 443.491912][ T6987] loop2: detected capacity change from 0 to 4096 [pid 6990] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6989] <... munmap resumed>) = 0 [pid 6987] <... ioctl resumed>) = 0 [pid 6985] <... openat resumed>) = 4 [pid 6987] close(3 [pid 6990] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6989] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6987] <... close resumed>) = 0 [pid 6985] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] close(4 [pid 6989] <... openat resumed>) = 4 [pid 6985] <... futex resumed>) = 1 [pid 6990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6989] ioctl(4, LOOP_SET_FD, 3 [pid 6987] <... close resumed>) = 0 [pid 6985] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] <... futex resumed>) = 0 [pid 6987] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6984] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6991 attached ) = 0 [pid 6984] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6985] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6991] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6990] <... clone3 resumed> => {parent_tid=[205]}, 88) = 205 [pid 6987] <... mkdir resumed>) = 0 [pid 6987] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6991] <... rseq resumed>) = 0 [pid 6990] rt_sigprocmask(SIG_SETMASK, [], [pid 6991] set_robust_list(0x7f701fd149a0, 24 [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6991] <... set_robust_list resumed>) = 0 [pid 6990] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], [pid 6990] <... futex resumed>) = 0 [pid 6985] <... openat resumed>) = 5 [pid 6991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6985] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] memfd_create("syzkaller", 0 [pid 6985] <... futex resumed>) = 1 [pid 6984] <... futex resumed>) = 0 [pid 6985] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6984] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... write resumed>) = 1116 [pid 6984] <... futex resumed>) = 0 [pid 6985] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6984] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6985] <... futex resumed>) = 0 [pid 6984] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6985] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6984] <... futex resumed>) = 0 [pid 6991] <... memfd_create resumed>) = 3 [pid 6991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6985] <... futex resumed>) = 0 [pid 6984] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] <... mmap resumed>) = 0x7f7017800000 [pid 6985] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6984] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6984] <... futex resumed>) = 0 [pid 6985] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6984] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] <... ioctl resumed>) = 0 [pid 6985] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] close(3 [pid 6985] <... futex resumed>) = 1 [pid 6984] <... futex resumed>) = 0 [pid 6989] <... close resumed>) = 0 [pid 6985] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] close(4 [pid 6985] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6984] <... futex resumed>) = 0 [pid 6989] <... close resumed>) = 0 [ 443.561103][ T6989] loop0: detected capacity change from 0 to 4096 [pid 6989] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6985] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6984] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] <... mkdir resumed>) = 0 [pid 6989] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6983] +++ killed by SIGSEGV (core dumped) +++ [pid 6982] <... futex resumed>) = ? [pid 6991] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6982] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=208, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5870] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6987] <... mount resumed>) = 0 [pid 6987] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6987] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6987] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6987] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6986] <... futex resumed>) = 0 [pid 6987] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6986] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6989] <... mount resumed>) = 0 [pid 6987] <... openat resumed>) = 4 [pid 6986] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6987] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] <... write resumed>) = 2097152 [pid 6989] <... openat resumed>) = 3 [pid 6987] <... futex resumed>) = 0 [pid 6986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6991] munmap(0x7f7017800000, 138412032 [pid 6986] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] <... munmap resumed>) = 0 [pid 6986] <... futex resumed>) = 0 [pid 6986] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6987] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6989] <... chdir resumed>) = 0 [pid 6987] <... openat resumed>) = 5 [pid 6991] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6991] ioctl(4, LOOP_SET_FD, 3 [pid 6989] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6987] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6989] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6987] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6986] <... futex resumed>) = 0 [pid 6986] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] <... futex resumed>) = 0 [pid 6987] <... futex resumed>) = 0 [pid 6986] <... futex resumed>) = 1 [pid 6988] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6987] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6986] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] <... umount2 resumed>) = 0 [pid 6991] <... ioctl resumed>) = 0 [pid 6989] <... openat resumed>) = 4 [pid 6987] <... write resumed>) = 1116 [pid 6989] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6991] close(3 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6991] <... close resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6991] close(4 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6991] <... close resumed>) = 0 [pid 6989] <... futex resumed>) = 1 [pid 6988] <... futex resumed>) = 0 [pid 6987] <... futex resumed>) = 1 [pid 6986] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6989] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6987] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6986] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6986] <... futex resumed>) = 0 [pid 6991] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 6988] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6986] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... openat resumed>) = 4 [pid 6991] <... mkdir resumed>) = 0 [pid 6989] <... futex resumed>) = 0 [pid 6988] <... futex resumed>) = 1 [pid 6987] <... mmap resumed>) = 0x200000000000 [pid 6991] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 6988] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, [pid 6989] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6987] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./97/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./97") = 0 [pid 5870] mkdir("./98", 0777) = 0 [ 443.887981][ T6991] loop3: detected capacity change from 0 to 4096 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6989] <... openat resumed>) = 5 [pid 6987] <... futex resumed>) = 1 [pid 6986] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 6986] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6986] <... futex resumed>) = 0 [pid 5870] close(3 [pid 6989] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6986] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6987] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] <... futex resumed>) = 1 [pid 6988] <... futex resumed>) = 0 [pid 6987] <... futex resumed>) = 1 [pid 6986] <... futex resumed>) = 0 [pid 6989] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6986] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6988] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] <... futex resumed>) = 0 [pid 6989] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6989] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] <... futex resumed>) = 0 [pid 6989] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6989] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 6989] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] <... futex resumed>) = 0 [pid 6989] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] <... futex resumed>) = 0 [pid 6988] <... futex resumed>) = 1 [pid 6989] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6988] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6989] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6988] <... futex resumed>) = 0 [pid 6989] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6988] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6989] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6992 attached [pid 6992] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 210 [pid 6992] chdir("./98") = 0 [pid 6992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6992] setpgid(0, 0) = 0 [pid 6992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6992] write(3, "1000", 4) = 4 [pid 6992] close(3executing program ) = 0 [pid 6992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6992] write(1, "executing program\n", 18) = 18 [pid 6992] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6992] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6993 attached [pid 6993] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6993] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6992] <... clone3 resumed> => {parent_tid=[211]}, 88) = 211 [pid 6993] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6992] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6993] <... futex resumed>) = 0 [pid 6993] memfd_create("syzkaller", 0 [pid 6992] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6993] <... memfd_create resumed>) = 3 [pid 6993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6991] <... mount resumed>) = 0 [pid 6984] <... futex resumed>) = ? [pid 6991] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6991] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6985] +++ killed by SIGSEGV (core dumped) +++ [pid 6984] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=202, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 6991] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 6991] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6991] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6991] <... openat resumed>) = 4 [pid 6991] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6991] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] <... futex resumed>) = 0 [pid 6991] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6991] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 6991] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6991] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6993] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6990] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] <... mmap resumed>) = 0x200000000000 [pid 6991] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6991] <... futex resumed>) = 0 [pid 6991] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6991] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6990] <... futex resumed>) = 0 [pid 6991] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6990] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6990] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] <... futex resumed>) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6991] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6990] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=38000000} [pid 6993] <... write resumed>) = 2097152 [pid 5872] <... umount2 resumed>) = 0 [pid 6993] munmap(0x7f7017800000, 138412032) = 0 [pid 5872] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6993] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6993] <... openat resumed>) = 4 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6993] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6988] <... futex resumed>) = ? [pid 5872] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./97/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./97") = 0 [pid 5872] mkdir("./98", 0777 [pid 6993] <... ioctl resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6993] close(3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 6989] +++ killed by SIGSEGV (core dumped) +++ [pid 6988] +++ killed by SIGSEGV (core dumped) +++ [pid 6993] <... close resumed>) = 0 [pid 6993] close(4 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=202, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 6993] <... close resumed>) = 0 [pid 5868] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 444.360258][ T6993] loop1: detected capacity change from 0 to 4096 [pid 5868] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6993] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5868] newfstatat(3, "", [pid 6993] <... mkdir resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 6993] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6986] <... futex resumed>) = ? [pid 5872] <... close resumed>) = 0 [pid 6987] +++ killed by SIGSEGV (core dumped) +++ [pid 6986] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=204, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=25 /* 0.25 s */} --- [pid 5869] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6994 attached [pid 6994] set_robust_list(0x55557616a6a0, 24) = 0 [pid 6994] chdir("./98") = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 204 [pid 6994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6994] setpgid(0, 0) = 0 [pid 6994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6994] write(3, "1000", 4) = 4 [pid 6994] close(3) = 0 [pid 6994] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6994] write(1, "executing program\n", 18) = 18 [pid 6994] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6994] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[205]}, 88) = 205 [pid 6994] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6994] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6995 attached [pid 6995] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6995] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6995] memfd_create("syzkaller", 0) = 3 [pid 6995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6993] <... mount resumed>) = 0 [pid 6993] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6993] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 6993] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6993] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = 0 [pid 6993] <... futex resumed>) = 1 [pid 6992] <... futex resumed>) = 0 [pid 6993] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6992] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6992] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 6993] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5868] rmdir("\x2e\x2f\x39\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./97/binderfs") = 0 [pid 5868] getdents64(3, [pid 6995] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./97") = 0 [pid 5868] mkdir("./98", 0777 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5869] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6993] <... openat resumed>) = 4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6993] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = ? [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6993] <... futex resumed>) = 1 [pid 6992] <... futex resumed>) = 0 [pid 6993] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6992] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] +++ killed by SIGSEGV (core dumped) +++ [pid 6990] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=204, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5871] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6992] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 6993] <... openat resumed>) = 5 [pid 6992] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] newfstatat(3, "", [pid 5869] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6993] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6993] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6993] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] <... openat resumed>) = 4 [pid 6992] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6992] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(4, "", [pid 6992] <... futex resumed>) = 1 [pid 6993] <... futex resumed>) = 0 [pid 6992] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6993] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 6993] <... write resumed>) = 1116 [pid 5869] getdents64(4, [pid 6993] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 6993] <... futex resumed>) = 1 [pid 6992] <... futex resumed>) = 0 [pid 5869] close(4 [pid 6992] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 6993] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5869] rmdir("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 6992] <... futex resumed>) = 0 [pid 6992] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] <... mmap resumed>) = 0x200000000000 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... close resumed>) = 0 [pid 5869] unlink("./98/binderfs" [pid 6993] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6993] <... futex resumed>) = 1 [pid 6992] <... futex resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 6992] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6993] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5869] getdents64(3, [pid 6992] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6993] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6996 attached [pid 6995] <... write resumed>) = 2097152 [pid 6993] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(3 [pid 6993] <... futex resumed>) = 1 [pid 5869] <... close resumed>) = 0 [pid 6993] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6992] <... futex resumed>) = 0 [pid 6996] set_robust_list(0x55557616a6a0, 24 [pid 6992] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6996] <... set_robust_list resumed>) = 0 [pid 6992] <... futex resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 204 [pid 6996] chdir("./98" [pid 6992] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6996] <... chdir resumed>) = 0 [pid 6995] munmap(0x7f7017800000, 138412032 [pid 6996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6996] setpgid(0, 0) = 0 [pid 6996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] rmdir("./98" [pid 6996] write(3, "1000", 4) = 4 [pid 5869] <... rmdir resumed>) = 0 [pid 6996] close(3 [pid 6993] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5869] mkdir("./99", 0777 [pid 6996] <... close resumed>) = 0 [pid 6996] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6996] write(1, "executing program\n", 18) = 18 [pid 6996] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 6996] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6997 attached => {parent_tid=[205]}, 88) = 205 [pid 6996] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... mkdir resumed>) = 0 [pid 6996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6996] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6997] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6997] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 6997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6997] memfd_create("syzkaller", 0 [pid 6995] <... munmap resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 6995] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] ioctl(3, LOOP_CLR_FD [pid 6997] <... memfd_create resumed>) = 3 [pid 5869] <... ioctl resumed>) = 0 [pid 6997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6995] <... openat resumed>) = 4 [pid 6997] <... mmap resumed>) = 0x7f7017800000 [pid 6995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3 [pid 6995] close(3) = 0 [pid 6995] close(4) = 0 [pid 6995] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5869] <... close resumed>) = 0 [pid 6995] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 444.788798][ T6995] loop4: detected capacity change from 0 to 4096 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6998 attached [pid 6997] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... umount2 resumed>) = 0 [pid 6998] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 206 [pid 6998] <... set_robust_list resumed>) = 0 [pid 6998] chdir("./99") = 0 [pid 6998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6998] setpgid(0, 0) = 0 [pid 5871] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 6998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 6998] <... openat resumed>) = 3 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 6998] write(3, "1000", 4 [pid 5871] <... close resumed>) = 0 [pid 6998] <... write resumed>) = 4 [pid 6998] close(3 [pid 5871] rmdir("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 6998] <... close resumed>) = 0 [pid 5871] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6998] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6998] <... symlink resumed>) = 0 [pid 5871] unlink("./98/binderfs"executing program [pid 6998] write(1, "executing program\n", 18 [pid 5871] <... unlink resumed>) = 0 [pid 6998] <... write resumed>) = 18 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 6998] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] close(3 [pid 6998] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 6998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5871] rmdir("./98" [pid 6998] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... rmdir resumed>) = 0 [pid 6998] <... mprotect resumed>) = 0 [pid 5871] mkdir("./99", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 6998] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 6999 attached [pid 6999] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 6998] <... clone3 resumed> => {parent_tid=[207]}, 88) = 207 [pid 6997] <... write resumed>) = 2097152 [pid 6999] <... rseq resumed>) = 0 [pid 6998] rt_sigprocmask(SIG_SETMASK, [], [pid 6997] munmap(0x7f7017800000, 138412032 [pid 6999] set_robust_list(0x7f701fd149a0, 24 [pid 6998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6999] <... set_robust_list resumed>) = 0 [pid 6998] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] rt_sigprocmask(SIG_SETMASK, [], [pid 6998] <... futex resumed>) = 0 [pid 6999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6998] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6999] memfd_create("syzkaller", 0 [pid 6997] <... munmap resumed>) = 0 [pid 6999] <... memfd_create resumed>) = 3 [pid 6997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6997] <... openat resumed>) = 4 [pid 6997] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6995] <... mount resumed>) = 0 ./strace-static-x86_64: Process 7000 attached [pid 6995] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7000] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 206 [pid 6995] <... openat resumed>) = 3 [pid 7000] <... set_robust_list resumed>) = 0 [pid 6995] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7000] chdir("./99" [pid 6995] <... chdir resumed>) = 0 [pid 6995] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6997] <... ioctl resumed>) = 0 [pid 6995] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] close(3 [pid 6995] <... futex resumed>) = 1 [ 444.964152][ T6997] loop0: detected capacity change from 0 to 4096 [pid 6997] <... close resumed>) = 0 [pid 6995] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6994] <... futex resumed>) = 0 [pid 6997] close(4 [pid 6995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6994] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] <... chdir resumed>) = 0 [pid 6995] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6994] <... futex resumed>) = 0 [pid 7000] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6997] <... close resumed>) = 0 [pid 6994] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7000] <... prctl resumed>) = 0 [pid 6997] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7000] setpgid(0, 0 [pid 6997] <... mkdir resumed>) = 0 [pid 7000] <... setpgid resumed>) = 0 [pid 6997] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7000] write(3, "1000", 4) = 4 [pid 7000] close(3executing program ) = 0 [pid 7000] symlink("/dev/binderfs", "./binderfs" [pid 6995] <... openat resumed>) = 4 [pid 7000] <... symlink resumed>) = 0 [pid 6995] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] write(1, "executing program\n", 18 [pid 6995] <... futex resumed>) = 1 [pid 6994] <... futex resumed>) = 0 [pid 7000] <... write resumed>) = 18 [pid 6995] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6994] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6994] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7000] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6995] <... openat resumed>) = 5 [pid 7000] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6995] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] <... mmap resumed>) = 0x7f701fcf4000 [pid 6995] <... futex resumed>) = 1 [pid 6994] <... futex resumed>) = 0 [pid 7000] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 6994] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6995] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6994] <... futex resumed>) = 0 [pid 7000] <... mprotect resumed>) = 0 [pid 6994] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7000] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6995] <... write resumed>) = 1116 [pid 7000] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6995] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6994] <... futex resumed>) = 0 [pid 7000] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6995] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6994] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6994] <... futex resumed>) = 0 [pid 6995] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6994] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6999] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6995] <... mmap resumed>) = 0x200000000000 ./strace-static-x86_64: Process 7001 attached [pid 6995] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... futex resumed>) = ? [pid 6995] <... futex resumed>) = 1 [pid 6994] <... futex resumed>) = 0 [pid 6995] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7001] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7000] <... clone3 resumed> => {parent_tid=[207]}, 88) = 207 [pid 6994] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7001] <... rseq resumed>) = 0 [pid 7000] rt_sigprocmask(SIG_SETMASK, [], [pid 6995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6994] <... futex resumed>) = 0 [pid 6993] +++ killed by SIGSEGV (core dumped) +++ [pid 6992] +++ killed by SIGSEGV (core dumped) +++ [pid 7001] set_robust_list(0x7f701fd149a0, 24 [pid 7000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6995] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6994] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=210, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 7001] <... set_robust_list resumed>) = 0 [pid 7000] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6995] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7001] rt_sigprocmask(SIG_SETMASK, [], [pid 7000] <... futex resumed>) = 0 [pid 6995] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7001] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7000] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6995] <... futex resumed>) = 1 [pid 6994] <... futex resumed>) = 0 [pid 6994] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7001] memfd_create("syzkaller", 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6995] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6994] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6994] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... openat resumed>) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7001] <... memfd_create resumed>) = 3 [pid 7001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 6997] <... mount resumed>) = 0 [pid 6997] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6999] <... write resumed>) = 2097152 [pid 6997] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 6999] munmap(0x7f7017800000, 138412032 [pid 6997] <... chdir resumed>) = 0 [pid 6997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6997] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6997] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6996] <... futex resumed>) = 0 [pid 6996] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6997] <... futex resumed>) = 0 [pid 6997] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6999] <... munmap resumed>) = 0 [pid 6997] <... openat resumed>) = 4 [pid 6996] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6997] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6996] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6997] <... futex resumed>) = 0 [pid 6997] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6997] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6996] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6996] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6997] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6996] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6997] <... write resumed>) = 1116 [pid 6997] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6996] <... futex resumed>) = 0 [pid 6997] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6996] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6997] <... mmap resumed>) = 0x200000000000 [pid 6996] <... futex resumed>) = 0 [pid 6997] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6996] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6999] <... openat resumed>) = 4 [pid 6999] ioctl(4, LOOP_SET_FD, 3 [pid 6997] <... futex resumed>) = 0 [pid 6996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6997] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6996] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6996] <... futex resumed>) = 0 [pid 6997] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6996] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6997] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6997] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6996] <... futex resumed>) = 0 [pid 6997] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6996] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6997] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6996] <... futex resumed>) = 0 [pid 7001] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6999] <... ioctl resumed>) = 0 [ 445.230378][ T6999] loop2: detected capacity change from 0 to 4096 [pid 6999] close(3 [pid 5870] <... umount2 resumed>) = 0 [pid 6999] <... close resumed>) = 0 [pid 7001] <... write resumed>) = 2097152 [pid 7001] munmap(0x7f7017800000, 138412032 [pid 6999] close(4 [pid 5870] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6999] <... close resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6999] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 6999] <... mkdir resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6999] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./98/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./98") = 0 [pid 5870] mkdir("./99", 0777) = 0 [pid 7001] <... munmap resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7001] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... ioctl resumed>) = 0 [pid 7001] <... openat resumed>) = 4 [pid 5870] close(3 [pid 7001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7001] close(3) = 0 [pid 7001] close(4) = 0 [pid 5870] <... close resumed>) = 0 [pid 7001] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 445.342070][ T7001] loop3: detected capacity change from 0 to 4096 [pid 7001] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7002 attached , child_tidptr=0x55557616a690) = 212 [pid 7002] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7002] chdir("./99") = 0 [pid 7002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7002] setpgid(0, 0) = 0 [pid 7002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7002] write(3, "1000", 4) = 4 [pid 7002] close(3) = 0 [pid 7002] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7002] write(1, "executing program\n", 18) = 18 [pid 7002] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7002] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7002] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6999] <... mount resumed>) = 0 [pid 6999] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 6999] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7002] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6999] <... chdir resumed>) = 0 [pid 7002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 6999] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 7003 attached ) = -1 EBUSY (Device or resource busy) [pid 6999] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7003] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 6999] <... futex resumed>) = 1 [pid 6998] <... futex resumed>) = 0 [pid 7003] set_robust_list(0x7f701fd149a0, 24 [pid 6999] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6998] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7003] <... set_robust_list resumed>) = 0 [pid 7002] <... clone3 resumed> => {parent_tid=[213]}, 88) = 213 [pid 6999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6998] <... futex resumed>) = 0 [pid 6999] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 6998] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7003] rt_sigprocmask(SIG_SETMASK, [], [pid 7002] rt_sigprocmask(SIG_SETMASK, [], [pid 7003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7003] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7001] <... mount resumed>) = 0 [pid 7001] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 6999] <... openat resumed>) = 4 [pid 7001] <... openat resumed>) = 3 [pid 7001] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7001] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6999] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6998] <... futex resumed>) = 0 [pid 6998] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6998] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7001] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7003] <... futex resumed>) = 0 [pid 7002] <... futex resumed>) = 1 [pid 7001] <... futex resumed>) = 1 [pid 7000] <... futex resumed>) = 0 [pid 6999] <... openat resumed>) = 5 [pid 6994] <... futex resumed>) = ? [pid 7000] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7001] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7003] memfd_create("syzkaller", 0 [pid 7002] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6999] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6998] <... futex resumed>) = 0 [pid 7003] <... memfd_create resumed>) = 3 [pid 6999] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6998] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] <... write resumed>) = 1116 [pid 6998] <... futex resumed>) = 0 [pid 7001] <... openat resumed>) = 4 [pid 6998] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7001] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7001] <... futex resumed>) = 1 [pid 7000] <... futex resumed>) = 0 [pid 6999] <... futex resumed>) = 1 [pid 6998] <... futex resumed>) = 0 [pid 7001] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7000] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6998] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] <... futex resumed>) = 0 [pid 6998] <... futex resumed>) = 0 [pid 7001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7000] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7001] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6999] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 6998] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7003] <... mmap resumed>) = 0x7f7017800000 [pid 6999] <... mmap resumed>) = 0x200000000000 [pid 6995] +++ killed by SIGSEGV (core dumped) +++ [pid 6994] +++ killed by SIGSEGV (core dumped) +++ [pid 6999] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=204, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 7001] <... openat resumed>) = 5 [pid 6999] <... futex resumed>) = 1 [pid 7001] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6998] <... futex resumed>) = 0 [pid 7001] <... futex resumed>) = 1 [pid 7000] <... futex resumed>) = 0 [pid 6999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6998] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6999] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 6998] <... futex resumed>) = 0 [pid 6999] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 6998] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7001] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 6999] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6998] <... futex resumed>) = 0 [pid 6999] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 6998] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7001] <... write resumed>) = 1116 [pid 7000] <... futex resumed>) = 0 [pid 7000] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7001] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7000] <... futex resumed>) = 0 [pid 7000] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7001] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7001] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7000] <... futex resumed>) = 0 [pid 7000] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7001] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7001] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7000] <... futex resumed>) = 0 [pid 7000] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7000] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7001] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7003] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 6997] +++ killed by SIGSEGV (core dumped) +++ [pid 6996] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=204, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7003] <... write resumed>) = 2097152 [pid 7003] munmap(0x7f7017800000, 138412032 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7003] <... munmap resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7003] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7003] <... openat resumed>) = 4 [pid 5872] getdents64(4, [pid 7003] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7003] <... ioctl resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7003] close(3 [pid 5872] unlink("./98/binderfs" [pid 7003] <... close resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 7003] close(4 [pid 5872] getdents64(3, [pid 7003] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5872] close(3 [pid 7003] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5872] <... close resumed>) = 0 [pid 7003] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] rmdir("./98") = 0 [pid 5872] mkdir("./99", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 445.805514][ T7003] loop1: detected capacity change from 0 to 4096 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x39\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./98/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./98") = 0 [pid 5868] mkdir("./99", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7000] <... futex resumed>) = ? [pid 7001] +++ killed by SIGSEGV (core dumped) +++ [pid 7000] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=206, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] <... close resumed>) = 0 [pid 6998] <... futex resumed>) = ? [pid 5871] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7004 attached [pid 5871] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 7005 attached [pid 5871] newfstatat(3, "", [pid 7004] set_robust_list(0x55557616a6a0, 24 [pid 6999] +++ killed by SIGSEGV (core dumped) +++ [pid 6998] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 206 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=206, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 206 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7005] set_robust_list(0x55557616a6a0, 24 [pid 7004] <... set_robust_list resumed>) = 0 [pid 7005] <... set_robust_list resumed>) = 0 [pid 7004] chdir("./99" [pid 7005] chdir("./99" [pid 7004] <... chdir resumed>) = 0 [pid 7005] <... chdir resumed>) = 0 [pid 7004] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7005] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7004] <... prctl resumed>) = 0 [pid 7005] <... prctl resumed>) = 0 [pid 7004] setpgid(0, 0 [pid 7005] setpgid(0, 0 [pid 7004] <... setpgid resumed>) = 0 [pid 7005] <... setpgid resumed>) = 0 [pid 7004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] newfstatat(3, "", [pid 7005] <... openat resumed>) = 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7005] write(3, "1000", 4 [pid 5869] getdents64(3, [pid 7005] <... write resumed>) = 4 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7005] close(3) = 0 [pid 7005] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7005] write(1, "executing program\n", 18) = 18 [pid 7005] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7004] <... openat resumed>) = 3 [pid 7005] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7005] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7004] write(3, "1000", 4 [pid 7005] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7004] <... write resumed>) = 4 [pid 7005] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7004] close(3) = 0 [pid 7005] <... clone3 resumed> => {parent_tid=[207]}, 88) = 207 [pid 7004] symlink("/dev/binderfs", "./binderfs"executing program [pid 7005] rt_sigprocmask(SIG_SETMASK, [], [pid 7004] <... symlink resumed>) = 0 [pid 7005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7004] write(1, "executing program\n", 18 [pid 7005] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7004] <... write resumed>) = 18 [pid 7005] <... futex resumed>) = 0 [pid 7004] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7004] <... futex resumed>) = 0 [pid 7004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 7006 attached ) = 0x7f701fcf4000 [pid 7006] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7004] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7006] <... rseq resumed>) = 0 [pid 7004] <... mprotect resumed>) = 0 [pid 7006] set_robust_list(0x7f701fd149a0, 24 [pid 7004] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7006] <... set_robust_list resumed>) = 0 [pid 7004] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7006] rt_sigprocmask(SIG_SETMASK, [], [pid 7004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7007 attached [pid 7006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7006] memfd_create("syzkaller", 0 [pid 7004] <... clone3 resumed> => {parent_tid=[207]}, 88) = 207 [pid 7003] <... mount resumed>) = 0 [pid 7004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7007] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7004] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7007] <... rseq resumed>) = 0 [pid 7004] <... futex resumed>) = 0 [pid 7007] set_robust_list(0x7f701fd149a0, 24 [pid 7006] <... memfd_create resumed>) = 3 [pid 7003] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7007] <... set_robust_list resumed>) = 0 [pid 7006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7004] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7007] rt_sigprocmask(SIG_SETMASK, [], [pid 7006] <... mmap resumed>) = 0x7f7017800000 [pid 7003] <... openat resumed>) = 3 [pid 7007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7003] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7007] memfd_create("syzkaller", 0 [pid 7003] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7007] <... memfd_create resumed>) = 3 [pid 7003] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7003] <... futex resumed>) = 1 [pid 7002] <... futex resumed>) = 0 [pid 7003] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7002] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 7002] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = 0 [pid 7003] <... openat resumed>) = 4 [pid 5871] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7006] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7003] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7003] <... futex resumed>) = 1 [pid 7002] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7002] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7002] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7002] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7003] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] <... openat resumed>) = 4 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] getdents64(4, [pid 7003] <... openat resumed>) = 5 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 7003] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] close(4 [pid 7003] <... futex resumed>) = 1 [pid 7002] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7002] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7003] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7002] <... futex resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7002] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... rmdir resumed>) = 0 [pid 7003] <... write resumed>) = 1116 [pid 5871] newfstatat(AT_FDCWD, "./99/binderfs", [pid 7003] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7003] <... futex resumed>) = 1 [pid 7002] <... futex resumed>) = 0 [pid 5871] unlink("./99/binderfs" [pid 7003] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7007] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7002] <... futex resumed>) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./99/binderfs", [pid 7003] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7002] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7003] <... mmap resumed>) = 0x200000000000 [pid 5871] getdents64(3, [pid 5869] unlink("./99/binderfs" [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 7003] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 7006] <... write resumed>) = 2097152 [pid 7003] <... futex resumed>) = 1 [pid 7002] <... futex resumed>) = 0 [pid 5871] rmdir("./99" [pid 5869] <... unlink resumed>) = 0 [pid 7006] munmap(0x7f7017800000, 138412032 [pid 7003] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7002] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... rmdir resumed>) = 0 [pid 5869] getdents64(3, [pid 7003] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7002] <... futex resumed>) = 0 [pid 5871] mkdir("./100", 0777 [pid 7003] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7002] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... mkdir resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7003] <... futex resumed>) = 0 [pid 7002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] close(3 [pid 7003] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 3 [pid 5869] <... close resumed>) = 0 [pid 7003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7002] <... futex resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5869] rmdir("./99" [pid 7003] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7002] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... ioctl resumed>) = 0 [pid 5871] close(3 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./100", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5871] <... close resumed>) = 0 [pid 7006] <... munmap resumed>) = 0 [pid 7007] <... write resumed>) = 2097152 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7007] munmap(0x7f7017800000, 138412032 [pid 7006] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 7008 attached ) = 4 [pid 7008] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 208 [pid 7008] <... set_robust_list resumed>) = 0 [pid 7008] chdir("./100") = 0 [pid 7008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7008] setpgid(0, 0) = 0 [pid 7008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7008] write(3, "1000", 4 [pid 7007] <... munmap resumed>) = 0 [pid 7006] ioctl(4, LOOP_SET_FD, 3 [pid 7008] <... write resumed>) = 4 [pid 7008] close(3) = 0 executing program [pid 7008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7008] write(1, "executing program\n", 18) = 18 [pid 7008] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7008] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7006] <... ioctl resumed>) = 0 [pid 7008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7007] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7006] close(3 [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7009 attached [pid 7008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 208 [pid 7007] <... openat resumed>) = 4 [pid 7009] set_robust_list(0x55557616a6a0, 24 [pid 7007] ioctl(4, LOOP_SET_FD, 3 [pid 7006] <... close resumed>) = 0 [pid 7008] <... clone3 resumed> => {parent_tid=[209]}, 88) = 209 [pid 7008] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7010 attached NULL, 8) = 0 [pid 7008] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7008] <... futex resumed>) = 0 [pid 7010] <... rseq resumed>) = 0 [pid 7008] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7010] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7010] memfd_create("syzkaller", 0 [pid 7007] <... ioctl resumed>) = 0 [pid 7009] <... set_robust_list resumed>) = 0 [pid 7006] close(4 [pid 7009] chdir("./100" [pid 7006] <... close resumed>) = 0 [pid 7010] <... memfd_create resumed>) = 3 [pid 7009] <... chdir resumed>) = 0 [pid 7006] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7006] <... mkdir resumed>) = 0 [pid 7010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7009] <... prctl resumed>) = 0 [pid 7006] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7010] <... mmap resumed>) = 0x7f7017800000 [ 446.290138][ T7006] loop0: detected capacity change from 0 to 4096 [ 446.329016][ T7007] loop4: detected capacity change from 0 to 4096 [pid 7009] setpgid(0, 0 [pid 7007] close(3 [pid 7009] <... setpgid resumed>) = 0 [pid 7009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7009] write(3, "1000", 4) = 4 [pid 7007] <... close resumed>) = 0 [pid 7009] close(3 [pid 7007] close(4) = 0 [pid 7009] <... close resumed>) = 0 [pid 7007] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7009] symlink("/dev/binderfs", "./binderfs" [pid 7007] <... mkdir resumed>) = 0 [pid 7009] <... symlink resumed>) = 0 [pid 7007] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"...executing program [pid 7009] write(1, "executing program\n", 18) = 18 [pid 7009] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7009] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7011 attached => {parent_tid=[209]}, 88) = 209 [pid 7011] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7009] rt_sigprocmask(SIG_SETMASK, [], [pid 7011] <... rseq resumed>) = 0 [pid 7009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7011] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7009] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] rt_sigprocmask(SIG_SETMASK, [], [pid 7009] <... futex resumed>) = 0 [pid 7011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7009] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7011] memfd_create("syzkaller", 0) = 3 [pid 7011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7010] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7006] <... mount resumed>) = 0 [pid 7006] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7006] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7006] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7006] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7011] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7006] <... openat resumed>) = 4 [pid 7006] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7006] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7006] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7006] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7005] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7006] <... write resumed>) = 1116 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7006] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] <... write resumed>) = 2097152 [pid 7006] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7010] munmap(0x7f7017800000, 138412032 [pid 7006] <... mmap resumed>) = 0x200000000000 [pid 7006] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7005] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7005] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7006] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7006] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7005] <... futex resumed>) = 0 [pid 7006] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7005] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... write resumed>) = 2097152 [pid 7007] <... mount resumed>) = 0 [pid 7007] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7010] <... munmap resumed>) = 0 [pid 7007] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7007] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7007] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7004] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7004] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7007] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7010] <... openat resumed>) = 4 [pid 7010] ioctl(4, LOOP_SET_FD, 3 [pid 7011] munmap(0x7f7017800000, 138412032 [pid 7007] <... openat resumed>) = 4 [pid 7007] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7004] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7004] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... munmap resumed>) = 0 [pid 7007] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7011] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7010] <... ioctl resumed>) = 0 [pid 7007] <... openat resumed>) = 5 [pid 7002] <... futex resumed>) = ? [pid 7010] close(3) = 0 [pid 7010] close(4) = 0 [pid 7010] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7010] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7011] <... openat resumed>) = 4 [ 446.596621][ T7010] loop3: detected capacity change from 0 to 4096 [pid 7007] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] ioctl(4, LOOP_SET_FD, 3 [pid 7007] <... futex resumed>) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7007] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7004] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7004] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7007] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7007] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7004] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7007] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7004] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... ioctl resumed>) = 0 [pid 7007] <... mmap resumed>) = 0x200000000000 [pid 7007] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7004] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7004] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] close(3 [pid 7007] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7011] <... close resumed>) = 0 [pid 7007] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7011] close(4 [pid 7007] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... close resumed>) = 0 [pid 7007] <... futex resumed>) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7004] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7007] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7004] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7003] +++ killed by SIGSEGV (core dumped) +++ [pid 7011] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7002] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=212, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 7011] <... mkdir resumed>) = 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [ 446.651590][ T7011] loop2: detected capacity change from 0 to 4096 [pid 7011] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7010] <... mount resumed>) = 0 [pid 7010] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7010] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7010] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7010] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7010] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7010] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7010] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7008] <... futex resumed>) = 0 [pid 7010] <... mmap resumed>) = 0x200000000000 [pid 7008] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = 0 [pid 7010] <... futex resumed>) = 1 [pid 7010] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] <... futex resumed>) = 0 [pid 7010] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7010] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7008] <... futex resumed>) = 0 [pid 7008] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7008] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./99/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./99") = 0 [pid 5870] mkdir("./100", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7011] <... mount resumed>) = 0 [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 7011] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7011] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7005] <... futex resumed>) = ? [pid 5870] <... close resumed>) = 0 [pid 7011] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7011] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7011] <... futex resumed>) = 1 [pid 7009] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7012 attached [pid 7011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7009] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 214 [pid 7012] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7006] +++ killed by SIGSEGV (core dumped) +++ [pid 7005] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=206, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 7012] chdir("./100" [pid 5868] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", [pid 7012] <... chdir resumed>) = 0 [pid 7011] <... openat resumed>) = 4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] getdents64(3, [pid 7012] setpgid(0, 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7012] <... setpgid resumed>) = 0 [pid 7011] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7011] <... futex resumed>) = 1 [pid 7009] <... futex resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7009] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] <... openat resumed>) = 3 [pid 7011] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] write(3, "1000", 4) = 4 [pid 7012] close(3) = 0 [pid 7012] symlink("/dev/binderfs", "./binderfs" [pid 7011] <... openat resumed>) = 5 [pid 7011] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7011] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] <... symlink resumed>) = 0 [pid 7012] write(1, "executing program\n", 18executing program ) = 18 [pid 7012] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... futex resumed>) = 0 [pid 7009] <... futex resumed>) = 1 [pid 7011] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7012] <... futex resumed>) = 0 [pid 7012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7009] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... write resumed>) = 1116 [pid 7012] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7011] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] <... mprotect resumed>) = 0 [pid 7011] <... futex resumed>) = 1 [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7011] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7012] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7011] <... mmap resumed>) = 0x200000000000 [pid 7012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7011] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7013 attached ) = 1 [pid 7011] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7009] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7011] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7013] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7012] <... clone3 resumed> => {parent_tid=[215]}, 88) = 215 [pid 7011] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7004] <... futex resumed>) = ? [pid 7013] <... rseq resumed>) = 0 [pid 7012] rt_sigprocmask(SIG_SETMASK, [], [pid 7011] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] set_robust_list(0x7f701fd149a0, 24 [pid 7012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7011] <... futex resumed>) = 1 [pid 7011] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7012] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] <... set_robust_list resumed>) = 0 [pid 7009] <... futex resumed>) = 0 [pid 7009] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] rt_sigprocmask(SIG_SETMASK, [], [pid 7012] <... futex resumed>) = 0 [pid 7009] <... futex resumed>) = 1 [pid 7009] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7007] +++ killed by SIGSEGV (core dumped) +++ [pid 7004] +++ killed by SIGSEGV (core dumped) +++ [pid 7011] <... futex resumed>) = 0 [pid 7013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7012] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7011] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=206, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 7013] memfd_create("syzkaller", 0 [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7013] <... memfd_create resumed>) = 3 [pid 5872] <... openat resumed>) = 3 [pid 7013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./99/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./99") = 0 [pid 5868] mkdir("./100", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7008] <... futex resumed>) = ? [pid 7013] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7010] +++ killed by SIGSEGV (core dumped) +++ [pid 7008] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=208, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5871] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7014 attached , child_tidptr=0x55557616a690) = 208 [pid 7014] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7014] chdir("./100") = 0 [pid 7014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7014] setpgid(0, 0) = 0 [pid 7014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 7014] write(3, "1000", 4) = 4 [pid 7014] close(3) = 0 [pid 7014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7014] write(1, "executing program\n", 18) = 18 [pid 7014] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 7014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7014] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7014] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7014] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5872] umount2("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7015 attached ) = -1 EINVAL (Invalid argument) [pid 7014] <... clone3 resumed> => {parent_tid=[209]}, 88) = 209 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7014] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... openat resumed>) = 4 [pid 7014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] newfstatat(4, "", [pid 7014] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7014] <... futex resumed>) = 0 [pid 5872] getdents64(4, [pid 7015] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7014] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7015] <... rseq resumed>) = 0 [pid 5872] getdents64(4, [pid 7015] set_robust_list(0x7f701fd149a0, 24 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7015] <... set_robust_list resumed>) = 0 [pid 7015] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] close(4 [pid 7015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... close resumed>) = 0 [pid 7015] memfd_create("syzkaller", 0 [pid 5872] rmdir("\x2e\x2f\x39\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./99/binderfs") = 0 [pid 7015] <... memfd_create resumed>) = 3 [pid 7013] <... write resumed>) = 2097152 [pid 5872] getdents64(3, [pid 7015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7013] munmap(0x7f7017800000, 138412032 [pid 7015] <... mmap resumed>) = 0x7f7017800000 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./99") = 0 [pid 7013] <... munmap resumed>) = 0 [pid 5872] mkdir("./100", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 7013] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] close(3 [pid 7013] <... openat resumed>) = 4 [pid 7013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] <... close resumed>) = 0 [pid 7013] close(3 [pid 5871] <... umount2 resumed>) = 0 [pid 7015] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7013] <... close resumed>) = 0 [pid 7011] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7013] close(4) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7013] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7009] <... futex resumed>) = ? [pid 7013] <... mkdir resumed>) = 0 [ 447.478815][ T7013] loop1: detected capacity change from 0 to 4096 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7013] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7009] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] close(4) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=208, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5871] rmdir("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./100/binderfs", [pid 5869] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] unlink("./100/binderfs" [pid 5869] <... openat resumed>) = 3 [pid 5871] <... unlink resumed>) = 0 [pid 5869] newfstatat(3, "", ./strace-static-x86_64: Process 7016 attached [pid 5871] getdents64(3, [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] getdents64(3, [pid 5871] close(3 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... close resumed>) = 0 [pid 7016] set_robust_list(0x55557616a6a0, 24 [pid 7015] <... write resumed>) = 2097152 [pid 5871] rmdir("./100" [pid 5869] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7016] <... set_robust_list resumed>) = 0 [pid 7015] munmap(0x7f7017800000, 138412032 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 208 [pid 5871] <... rmdir resumed>) = 0 [pid 7016] chdir("./100") = 0 [pid 7016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7016] setpgid(0, 0) = 0 [pid 7016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7016] write(3, "1000", 4) = 4 [pid 7016] close(3) = 0 [pid 7016] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7016] write(1, "executing program\n", 18) = 18 [pid 5871] mkdir("./101", 0777 [pid 7016] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... mkdir resumed>) = 0 [pid 7016] <... futex resumed>) = 0 [pid 7016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7016] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] <... openat resumed>) = 3 [pid 7016] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7016] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] close(3 [pid 7015] <... munmap resumed>) = 0 [pid 7016] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7017 attached => {parent_tid=[209]}, 88) = 209 [pid 7015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7017] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7015] ioctl(4, LOOP_SET_FD, 3 [pid 7017] <... rseq resumed>) = 0 [pid 7016] rt_sigprocmask(SIG_SETMASK, [], [pid 7017] set_robust_list(0x7f701fd149a0, 24 [pid 7016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7017] <... set_robust_list resumed>) = 0 [pid 7016] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] rt_sigprocmask(SIG_SETMASK, [], [pid 7016] <... futex resumed>) = 0 [pid 7017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7016] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7017] memfd_create("syzkaller", 0) = 3 [pid 7017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7015] <... ioctl resumed>) = 0 [pid 7015] close(3) = 0 [pid 7015] close(4) = 0 [pid 7015] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5871] <... close resumed>) = 0 [ 447.605142][ T7015] loop0: detected capacity change from 0 to 4096 [pid 7015] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7018 attached [pid 7013] <... mount resumed>) = 0 [pid 7018] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 210 [pid 7018] chdir("./101") = 0 [pid 7018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7013] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7018] <... prctl resumed>) = 0 [pid 7018] setpgid(0, 0) = 0 [pid 7013] <... openat resumed>) = 3 [pid 7018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7013] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7018] <... openat resumed>) = 3 [pid 7013] <... chdir resumed>) = 0 [pid 7013] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7018] write(3, "1000", 4 [pid 7013] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7018] <... write resumed>) = 4 [pid 7018] close(3) = 0 [pid 7018] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7018] write(1, "executing program\n", 18 [pid 7013] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7013] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7012] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7012] <... futex resumed>) = 0 [pid 7013] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7012] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7018] <... write resumed>) = 18 [pid 7018] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7018] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7019 attached [pid 7019] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7018] <... clone3 resumed> => {parent_tid=[211]}, 88) = 211 [pid 7019] <... rseq resumed>) = 0 [pid 7018] rt_sigprocmask(SIG_SETMASK, [], [pid 7017] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7019] set_robust_list(0x7f701fd149a0, 24 [pid 7018] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7019] <... set_robust_list resumed>) = 0 [pid 7018] <... futex resumed>) = 0 [pid 7019] rt_sigprocmask(SIG_SETMASK, [], [pid 7018] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7013] <... openat resumed>) = 4 [pid 5869] <... umount2 resumed>) = 0 [pid 7019] memfd_create("syzkaller", 0 [pid 7013] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7012] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7013] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7012] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7019] <... memfd_create resumed>) = 3 [pid 5869] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... openat resumed>) = 4 [pid 7019] <... mmap resumed>) = 0x7f7017800000 [pid 5869] newfstatat(4, "", [pid 7013] <... openat resumed>) = 5 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 7013] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 7012] <... futex resumed>) = 0 [pid 7013] <... futex resumed>) = 1 [pid 5869] rmdir("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7013] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7012] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7012] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7013] <... write resumed>) = 1116 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./100/binderfs" [pid 7013] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 7013] <... futex resumed>) = 1 [pid 7012] <... futex resumed>) = 0 [pid 5869] rmdir("./100" [pid 7013] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7012] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... rmdir resumed>) = 0 [pid 7013] <... mmap resumed>) = 0x200000000000 [pid 7012] <... futex resumed>) = 0 [pid 5869] mkdir("./101", 0777 [pid 7013] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7012] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... mkdir resumed>) = 0 [pid 7012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7012] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7012] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7013] <... futex resumed>) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7013] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7012] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=30000000} [pid 7013] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7013] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... write resumed>) = 2097152 [pid 7015] <... mount resumed>) = 0 [pid 7013] <... futex resumed>) = 1 [pid 7012] <... futex resumed>) = 0 [pid 7017] munmap(0x7f7017800000, 138412032 [pid 7015] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7013] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7012] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7015] <... openat resumed>) = 3 [pid 7015] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7017] <... munmap resumed>) = 0 [pid 7015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7015] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 7015] <... futex resumed>) = 1 [pid 7015] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7017] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7017] ioctl(4, LOOP_SET_FD, 3 [pid 7015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7015] <... openat resumed>) = 4 [pid 7015] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7015] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7014] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7015] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7014] <... futex resumed>) = 0 [pid 7015] <... openat resumed>) = 5 [pid 7014] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7015] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7015] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7014] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7015] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7015] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7020 attached [pid 7019] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7015] <... futex resumed>) = 1 [pid 7020] set_robust_list(0x55557616a6a0, 24 [pid 7015] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] <... set_robust_list resumed>) = 0 [pid 7014] <... futex resumed>) = 0 [pid 7020] chdir("./101" [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 210 [pid 7020] <... chdir resumed>) = 0 [pid 7014] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7015] <... futex resumed>) = 0 [pid 7014] <... futex resumed>) = 1 [pid 7015] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7014] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7015] <... mmap resumed>) = 0x200000000000 [pid 7015] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7020] <... prctl resumed>) = 0 [pid 7015] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7020] setpgid(0, 0 [pid 7014] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] <... setpgid resumed>) = 0 [pid 7015] <... futex resumed>) = 0 [pid 7014] <... futex resumed>) = 1 [pid 7020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7015] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7014] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7017] <... ioctl resumed>) = 0 [pid 7020] <... openat resumed>) = 3 [pid 7015] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7020] write(3, "1000", 4 [pid 7015] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] <... write resumed>) = 4 [pid 7015] <... futex resumed>) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7020] close(3 [pid 7015] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7014] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] <... close resumed>) = 0 [pid 7020] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7020] write(1, "executing program\n", 18) = 18 [pid 7020] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] close(3 [pid 7020] <... futex resumed>) = 0 [pid 7017] <... close resumed>) = 0 [pid 7020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7017] close(4 [pid 7020] <... mmap resumed>) = 0x7f701fcf4000 [pid 7017] <... close resumed>) = 0 [pid 7020] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7017] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7020] <... mprotect resumed>) = 0 [pid 7017] <... mkdir resumed>) = 0 [pid 7020] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7017] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7020] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7020] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7021 attached => {parent_tid=[211]}, 88) = 211 [pid 7021] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7020] rt_sigprocmask(SIG_SETMASK, [], [pid 7021] <... rseq resumed>) = 0 [pid 7020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7021] set_robust_list(0x7f701fd149a0, 24 [pid 7020] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] <... set_robust_list resumed>) = 0 [pid 7020] <... futex resumed>) = 0 [ 447.878585][ T7017] loop4: detected capacity change from 0 to 4096 [pid 7021] rt_sigprocmask(SIG_SETMASK, [], [pid 7020] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7021] memfd_create("syzkaller", 0) = 3 [pid 7021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7019] <... write resumed>) = 2097152 [pid 7019] munmap(0x7f7017800000, 138412032) = 0 [pid 7019] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7021] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7019] close(3) = 0 [ 447.998493][ T7019] loop3: detected capacity change from 0 to 4096 [pid 7019] close(4) = 0 [pid 7019] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7019] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7021] <... write resumed>) = 2097152 [pid 7021] munmap(0x7f7017800000, 138412032 [pid 7017] <... mount resumed>) = 0 [pid 7017] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7017] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7017] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7021] <... munmap resumed>) = 0 [pid 7017] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7016] <... futex resumed>) = 0 [pid 7016] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7016] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7021] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7021] close(3) = 0 [pid 7021] close(4) = 0 [pid 7021] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7021] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7017] <... openat resumed>) = 4 [pid 7016] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7016] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 7017] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7016] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE [pid 7017] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7016] <... mprotect resumed>) = 0 [pid 7016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 448.178249][ T7021] loop2: detected capacity change from 0 to 4096 [pid 7016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} => {parent_tid=[210]}, 88) = 210 [pid 7016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7022 attached [pid 7016] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7022] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7016] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7022] <... rseq resumed>) = 0 [pid 7022] set_robust_list(0x7f701fcf39a0, 24) = 0 [pid 7022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7022] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7019] <... mount resumed>) = 0 [pid 7022] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7019] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7022] <... futex resumed>) = 1 [pid 7016] <... futex resumed>) = 0 [pid 7016] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7022] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7019] <... openat resumed>) = 3 [pid 7017] <... futex resumed>) = 0 [pid 7016] <... futex resumed>) = 1 [pid 7019] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7017] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7016] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7019] <... chdir resumed>) = 0 [pid 7019] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7017] <... write resumed>) = 1116 [pid 7019] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7017] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7019] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7017] <... futex resumed>) = 1 [pid 7016] <... futex resumed>) = 0 [pid 7018] <... futex resumed>) = 0 [pid 7017] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7016] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... mmap resumed>) = 0x200000000000 [pid 7016] <... futex resumed>) = 0 [pid 7019] <... futex resumed>) = 0 [pid 7018] <... futex resumed>) = 1 [pid 7017] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7016] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7019] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7018] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7017] <... futex resumed>) = 0 [pid 7016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7017] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7016] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7016] <... futex resumed>) = 0 [pid 7017] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7014] <... futex resumed>) = ? [pid 7012] <... futex resumed>) = ? [pid 7017] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7016] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7017] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7016] <... futex resumed>) = 0 [pid 7016] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7016] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7013] +++ killed by SIGSEGV (core dumped) +++ [pid 7012] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=214, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 7019] <... openat resumed>) = 4 [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", [pid 7019] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7019] <... futex resumed>) = 1 [pid 7018] <... futex resumed>) = 0 [pid 7015] +++ killed by SIGSEGV (core dumped) +++ [pid 7014] +++ killed by SIGSEGV (core dumped) +++ [pid 7018] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7019] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] getdents64(3, [pid 7018] <... futex resumed>) = 0 [pid 7018] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=208, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7019] <... openat resumed>) = 5 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7019] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7019] <... futex resumed>) = 1 [pid 7018] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7018] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(3, "", [pid 7018] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7019] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7018] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7019] <... write resumed>) = 1116 [pid 7019] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7018] <... futex resumed>) = 0 [pid 7018] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7019] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7018] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7019] <... mmap resumed>) = 0x200000000000 [pid 7019] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7018] <... futex resumed>) = 0 [pid 7018] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7018] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7019] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7019] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7018] <... futex resumed>) = 0 [pid 7018] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7018] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 7021] <... mount resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7021] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7021] <... openat resumed>) = 3 [pid 5870] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7021] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7021] <... chdir resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7021] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./100/binderfs") = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./100") = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] mkdir("./101", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7021] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7021] <... futex resumed>) = 1 [pid 7020] <... futex resumed>) = 0 [pid 7020] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7020] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", [pid 7021] <... openat resumed>) = 4 [pid 7021] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7020] <... futex resumed>) = 0 [pid 7020] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7020] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7021] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7021] <... openat resumed>) = 5 [pid 5868] getdents64(4, [pid 7021] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7021] <... futex resumed>) = 1 [pid 7020] <... futex resumed>) = 0 [pid 7020] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7020] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7021] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7021] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7020] <... futex resumed>) = 0 [pid 7020] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7020] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] close(4) = 0 [pid 7021] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5868] rmdir("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7021] <... mmap resumed>) = 0x200000000000 [pid 7021] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7020] <... futex resumed>) = 0 [pid 7021] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7020] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... rmdir resumed>) = 0 [pid 7021] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7020] <... futex resumed>) = 0 [pid 5868] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7020] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./100/binderfs", [pid 7021] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./100/binderfs" [pid 7021] <... futex resumed>) = 1 [pid 7020] <... futex resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5868] getdents64(3, [pid 7021] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7020] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("./100") = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 216 [pid 5868] mkdir("./101", 0777./strace-static-x86_64: Process 7023 attached [pid 7023] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7023] chdir("./101" [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7023] <... chdir resumed>) = 0 [pid 7023] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... openat resumed>) = 3 [pid 7023] <... prctl resumed>) = 0 [pid 7023] setpgid(0, 0) = 0 [pid 7023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3executing program [pid 7023] <... openat resumed>) = 3 [pid 7023] write(3, "1000", 4) = 4 [pid 7023] close(3) = 0 [pid 7023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7023] write(1, "executing program\n", 18) = 18 [pid 7023] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7023] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7024 attached => {parent_tid=[217]}, 88) = 217 [pid 7024] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7023] rt_sigprocmask(SIG_SETMASK, [], [pid 7024] <... rseq resumed>) = 0 [pid 7023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7024] set_robust_list(0x7f701fd149a0, 24 [pid 7023] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] <... set_robust_list resumed>) = 0 [pid 7023] <... futex resumed>) = 0 [pid 7024] rt_sigprocmask(SIG_SETMASK, [], [pid 7023] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7024] memfd_create("syzkaller", 0) = 3 [pid 7024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7022] <... futex resumed>) = ? [pid 7016] <... futex resumed>) = ? [pid 7022] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... close resumed>) = 0 [pid 7017] +++ killed by SIGSEGV (core dumped) +++ [pid 7016] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=208, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5872] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7025 attached ) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7025] set_robust_list(0x55557616a6a0, 24 [pid 7024] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] getdents64(3, [pid 7025] <... set_robust_list resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 210 [pid 7025] chdir("./101" [pid 5872] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7025] <... chdir resumed>) = 0 [pid 7025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7019] +++ killed by SIGSEGV (core dumped) +++ [pid 7018] +++ killed by SIGSEGV (core dumped) +++ [pid 7025] setpgid(0, 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=210, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7025] <... setpgid resumed>) = 0 [pid 5871] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7025] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7025] write(3, "1000", 4) = 4 [pid 7025] close(3) = 0 [pid 7025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7024] <... write resumed>) = 2097152 [pid 7025] write(1, "executing program\n", 18executing program [pid 7024] munmap(0x7f7017800000, 138412032 [pid 7025] <... write resumed>) = 18 [pid 7024] <... munmap resumed>) = 0 [pid 7025] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7025] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7024] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7025] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7024] <... openat resumed>) = 4 [pid 7025] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7024] ioctl(4, LOOP_SET_FD, 3 [pid 7025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7026 attached => {parent_tid=[211]}, 88) = 211 [pid 7026] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7026] <... rseq resumed>) = 0 [pid 7025] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] set_robust_list(0x7f701fd149a0, 24 [pid 7025] <... futex resumed>) = 0 [pid 7026] <... set_robust_list resumed>) = 0 [pid 7026] rt_sigprocmask(SIG_SETMASK, [], [pid 7025] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] <... umount2 resumed>) = 0 [pid 7026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7026] memfd_create("syzkaller", 0 [pid 7024] <... ioctl resumed>) = 0 [pid 7024] close(3) = 0 [pid 7024] close(4) = 0 [pid 7024] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7024] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7026] <... memfd_create resumed>) = 3 [pid 7026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 448.926385][ T7024] loop1: detected capacity change from 0 to 4096 [pid 5872] umount2("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... openat resumed>) = 4 [pid 5872] newfstatat(4, "", [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(4) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] rmdir("\x2e\x2f\x31\x30\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... rmdir resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5871] newfstatat(4, "", [pid 5872] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] getdents64(4, [pid 7020] <... futex resumed>) = ? [pid 5872] newfstatat(AT_FDCWD, "./100/binderfs", [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./100/binderfs" [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... unlink resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5872] getdents64(3, [pid 5871] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7026] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] close(3 [pid 5871] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5872] <... close resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] rmdir("./100" [pid 5871] unlink("./101/binderfs" [pid 5872] <... rmdir resumed>) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 5872] mkdir("./101", 0777 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./101") = 0 [pid 5871] mkdir("./102", 0777) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7021] +++ killed by SIGSEGV (core dumped) +++ [pid 7020] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=210, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5872] close(3 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] <... close resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7026] <... write resumed>) = 2097152 [pid 7024] <... mount resumed>) = 0 [pid 7024] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7024] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7024] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7024] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7023] <... futex resumed>) = 0 [pid 7024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7023] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7026] munmap(0x7f7017800000, 138412032 [pid 7024] <... openat resumed>) = 4 [pid 7023] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7024] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 7024] <... futex resumed>) = 1 [pid 7023] <... futex resumed>) = 0 [pid 7024] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7023] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7028 attached [pid 7023] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7026] <... munmap resumed>) = 0 [pid 7028] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7028] chdir("./102" [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 212 ./strace-static-x86_64: Process 7027 attached [pid 7026] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7024] <... openat resumed>) = 5 [pid 7028] <... chdir resumed>) = 0 [pid 7027] set_robust_list(0x55557616a6a0, 24 [pid 7026] <... openat resumed>) = 4 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 211 [pid 7026] ioctl(4, LOOP_SET_FD, 3 [pid 7028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7028] setpgid(0, 0 [pid 7027] <... set_robust_list resumed>) = 0 [pid 7024] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7023] <... futex resumed>) = 0 [pid 7024] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7023] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] <... write resumed>) = 1116 [pid 7023] <... futex resumed>) = 0 [pid 7027] chdir("./101" [pid 7028] <... setpgid resumed>) = 0 [pid 7027] <... chdir resumed>) = 0 [pid 7024] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7024] <... futex resumed>) = 0 [pid 7023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7024] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7023] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] <... mmap resumed>) = 0x200000000000 [pid 7023] <... futex resumed>) = 0 [pid 7028] <... openat resumed>) = 3 [pid 7024] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7024] <... futex resumed>) = 0 [pid 7023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7024] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7023] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] write(3, "1000", 4 [pid 7024] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7023] <... futex resumed>) = 0 [pid 7028] <... write resumed>) = 4 [pid 7024] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] close(3 [pid 7024] <... futex resumed>) = 0 [pid 7023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7028] <... close resumed>) = 0 [pid 7024] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7023] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] symlink("/dev/binderfs", "./binderfs" [pid 7027] <... prctl resumed>) = 0 [pid 7028] <... symlink resumed>) = 0 [pid 7027] setpgid(0, 0) = 0 executing program [pid 7028] write(1, "executing program\n", 18) = 18 [pid 7028] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7028] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7028] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7026] <... ioctl resumed>) = 0 [pid 7028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7027] <... openat resumed>) = 3 [pid 7026] close(3) = 0 [pid 7028] <... clone3 resumed> => {parent_tid=[213]}, 88) = 213 ./strace-static-x86_64: Process 7029 attached [pid 7028] rt_sigprocmask(SIG_SETMASK, [], [pid 7027] write(3, "1000", 4 [pid 7026] close(4 [pid 7027] <... write resumed>) = 4 [pid 7028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7027] close(3 [pid 7026] <... close resumed>) = 0 [pid 7028] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7028] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7029] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7027] <... close resumed>) = 0 [pid 7026] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7029] <... rseq resumed>) = 0 [ 449.141292][ T7026] loop0: detected capacity change from 0 to 4096 [pid 7029] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7027] symlink("/dev/binderfs", "./binderfs" [pid 7026] <... mkdir resumed>) = 0 [pid 7029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7029] memfd_create("syzkaller", 0 [pid 7027] <... symlink resumed>) = 0 [pid 7026] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"...executing program [pid 7027] write(1, "executing program\n", 18 [pid 7029] <... memfd_create resumed>) = 3 [pid 7029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7027] <... write resumed>) = 18 [pid 7027] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7027] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7030 attached => {parent_tid=[212]}, 88) = 212 [pid 7030] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7027] rt_sigprocmask(SIG_SETMASK, [], [pid 7030] <... rseq resumed>) = 0 [pid 7027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7030] set_robust_list(0x7f701fd149a0, 24 [pid 7027] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] <... set_robust_list resumed>) = 0 [pid 7030] rt_sigprocmask(SIG_SETMASK, [], [pid 7027] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7030] memfd_create("syzkaller", 0) = 3 [pid 7030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7029] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./101/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./101" [pid 7030] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./102", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7029] <... write resumed>) = 2097152 [pid 7029] munmap(0x7f7017800000, 138412032) = 0 [pid 7026] <... mount resumed>) = 0 [pid 7029] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7026] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7029] <... openat resumed>) = 4 [pid 7026] <... openat resumed>) = 3 [pid 7026] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7029] ioctl(4, LOOP_SET_FD, 3 [pid 7026] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7026] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7025] <... futex resumed>) = 0 [pid 7025] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] <... futex resumed>) = 0 [pid 7025] <... futex resumed>) = 1 [pid 7026] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7025] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7026] <... openat resumed>) = 4 [pid 7029] <... ioctl resumed>) = 0 [pid 7029] close(3 [pid 5869] <... close resumed>) = 0 [pid 7029] <... close resumed>) = 0 [pid 7030] <... write resumed>) = 2097152 [pid 7029] close(4 [pid 7026] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] <... close resumed>) = 0 [pid 7029] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7026] <... futex resumed>) = 1 [pid 7025] <... futex resumed>) = 0 [pid 7023] <... futex resumed>) = ? [pid 7029] <... mkdir resumed>) = 0 [pid 7025] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7025] <... futex resumed>) = 0 [pid 7026] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7025] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7026] <... openat resumed>) = 5 [pid 7026] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7024] +++ killed by SIGSEGV (core dumped) +++ [pid 7023] +++ killed by SIGSEGV (core dumped) +++ [pid 7026] <... futex resumed>) = 1 [pid 7025] <... futex resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=216, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 7025] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7025] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 449.444391][ T7029] loop3: detected capacity change from 0 to 4096 [pid 5870] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7031 attached [pid 7030] munmap(0x7f7017800000, 138412032 [pid 7026] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5870] <... openat resumed>) = 3 [pid 7026] <... write resumed>) = 1116 [pid 5870] newfstatat(3, "", [pid 7031] set_robust_list(0x55557616a6a0, 24 [pid 7026] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, [pid 7031] <... set_robust_list resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7031] chdir("./102" [pid 7026] <... futex resumed>) = 1 [pid 7025] <... futex resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 212 [pid 7031] <... chdir resumed>) = 0 [pid 7031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7026] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7025] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] <... prctl resumed>) = 0 [pid 7031] setpgid(0, 0 [pid 7026] <... mmap resumed>) = 0x200000000000 [pid 7025] <... futex resumed>) = 0 [pid 7031] <... setpgid resumed>) = 0 [pid 7026] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7025] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7026] <... futex resumed>) = 0 [pid 7025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7026] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7025] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7026] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7025] <... futex resumed>) = 0 [pid 7026] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7025] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7026] <... futex resumed>) = 0 [pid 7025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7026] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7031] <... openat resumed>) = 3 [pid 7025] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] write(3, "1000", 4 [pid 7026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7025] <... futex resumed>) = 0 [pid 7031] <... write resumed>) = 4 [pid 7030] <... munmap resumed>) = 0 [pid 7026] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7025] ???( [pid 7031] close(3 [pid 7030] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7031] <... close resumed>) = 0 [pid 7030] <... openat resumed>) = 4 [pid 7030] ioctl(4, LOOP_SET_FD, 3executing program [pid 7031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7031] write(1, "executing program\n", 18) = 18 [pid 7031] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7031] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7030] <... ioctl resumed>) = 0 [pid 7030] close(3) = 0 [pid 7030] close(4) = 0 [pid 7030] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7030] <... mkdir resumed>) = 0 [ 449.523104][ T7030] loop4: detected capacity change from 0 to 4096 [pid 7030] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"..../strace-static-x86_64: Process 7032 attached [pid 7032] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7031] <... clone3 resumed> => {parent_tid=[213]}, 88) = 213 [pid 7032] <... rseq resumed>) = 0 [pid 7031] rt_sigprocmask(SIG_SETMASK, [], [pid 7032] set_robust_list(0x7f701fd149a0, 24 [pid 7031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7032] <... set_robust_list resumed>) = 0 [pid 7031] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] rt_sigprocmask(SIG_SETMASK, [], [pid 7031] <... futex resumed>) = 0 [pid 7032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7031] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7032] memfd_create("syzkaller", 0) = 3 [pid 7032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7029] <... mount resumed>) = 0 [pid 7029] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7029] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7029] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7029] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7028] <... futex resumed>) = 0 [pid 7029] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7028] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] <... futex resumed>) = 0 [pid 7028] <... futex resumed>) = 1 [pid 7029] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7028] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] <... openat resumed>) = 4 [pid 7029] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7028] <... futex resumed>) = 0 [pid 7029] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7028] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7028] <... futex resumed>) = 0 [pid 7029] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7028] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] <... openat resumed>) = 5 [pid 5870] <... umount2 resumed>) = 0 [pid 7029] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7028] <... futex resumed>) = 0 [pid 7028] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7029] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7028] <... futex resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7029] <... write resumed>) = 1116 [pid 7028] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7029] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7029] <... futex resumed>) = 0 [pid 7028] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7029] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7029] <... mmap resumed>) = 0x200000000000 [pid 7028] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7029] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7028] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... openat resumed>) = 4 [pid 7029] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7028] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7030] <... mount resumed>) = 0 [pid 7028] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(4, "", [pid 7029] <... futex resumed>) = 0 [pid 7028] <... futex resumed>) = 1 [pid 7029] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7028] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7030] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7029] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] getdents64(4, [pid 7030] <... openat resumed>) = 3 [pid 7029] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7028] <... futex resumed>) = 0 [pid 7029] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7028] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7030] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7030] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7030] <... futex resumed>) = 1 [pid 7029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7028] <... futex resumed>) = 0 [pid 7027] <... futex resumed>) = 0 [pid 7027] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7029] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7028] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./101/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./101") = 0 [pid 5870] mkdir("./102", 0777 [pid 7030] <... openat resumed>) = 4 [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7030] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... ioctl resumed>) = 0 [pid 7030] <... futex resumed>) = 1 [pid 7027] <... futex resumed>) = 0 [pid 5870] close(3 [pid 7027] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7030] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] <... futex resumed>) = 0 [pid 7027] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7027] <... futex resumed>) = 0 [pid 7030] <... write resumed>) = 1116 [pid 7027] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7027] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7030] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7027] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] <... mmap resumed>) = 0x200000000000 [pid 7030] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] <... futex resumed>) = 0 [pid 7027] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7030] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7030] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7027] <... futex resumed>) = 0 [pid 7030] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7027] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... write resumed>) = 2097152 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7032] munmap(0x7f7017800000, 138412032./strace-static-x86_64: Process 7033 attached [pid 7033] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7033] chdir("./102" [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 218 [pid 7033] <... chdir resumed>) = 0 [pid 7032] <... munmap resumed>) = 0 [pid 7033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7033] setpgid(0, 0) = 0 [pid 7033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7033] write(3, "1000", 4) = 4 [pid 7033] close(3) = 0 [pid 7032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7033] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7032] <... openat resumed>) = 4 [pid 7033] write(1, "executing program\n", 18) = 18 [pid 7033] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7032] ioctl(4, LOOP_SET_FD, 3 [pid 7033] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[219]}, 88) = 219 [pid 7033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7033] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7034 attached [pid 7034] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7034] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7034] memfd_create("syzkaller", 0 [pid 7032] <... ioctl resumed>) = 0 [pid 7034] <... memfd_create resumed>) = 3 [pid 7034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7032] close(3) = 0 [ 449.821957][ T7032] loop2: detected capacity change from 0 to 4096 [pid 7032] close(4) = 0 [pid 7032] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7032] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7025] <... ??? resumed>) = ? [pid 7034] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7026] +++ killed by SIGSEGV (core dumped) +++ [pid 7025] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=210, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7032] <... mount resumed>) = 0 [pid 7032] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7032] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7032] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7032] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7031] <... futex resumed>) = 0 [pid 7032] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7031] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7031] <... futex resumed>) = 0 [pid 7032] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7031] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7034] <... write resumed>) = 2097152 [pid 7034] munmap(0x7f7017800000, 138412032) = 0 [pid 7032] <... openat resumed>) = 4 [pid 7028] <... futex resumed>) = ? [pid 7034] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7032] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = 0 [pid 7034] ioctl(4, LOOP_SET_FD, 3 [pid 7032] <... futex resumed>) = 1 [pid 7031] <... futex resumed>) = 0 [pid 7032] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7031] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7031] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] +++ killed by SIGSEGV (core dumped) +++ [pid 7028] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=212, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7032] <... openat resumed>) = 5 [pid 5868] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7032] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... restart_syscall resumed>) = 0 [pid 7032] <... futex resumed>) = 1 [pid 7031] <... futex resumed>) = 0 [pid 7031] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5871] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7032] <... write resumed>) = 1116 [pid 5871] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7034] <... ioctl resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5868] newfstatat(4, "", [pid 7034] close(3 [pid 5871] newfstatat(3, "", [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7034] <... close resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 7034] close(4 [pid 5871] getdents64(3, [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7031] <... futex resumed>) = 0 [pid 7034] <... close resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] getdents64(4, [pid 7034] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7031] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7034] <... mkdir resumed>) = 0 [pid 5868] close(4) = 0 [pid 7032] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7031] <... futex resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./101/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./101") = 0 [pid 5868] mkdir("./102", 0777 [pid 7032] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7031] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7034] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7032] <... mmap resumed>) = 0x200000000000 [pid 7031] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 7032] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7032] <... futex resumed>) = 0 [ 450.080682][ T7034] loop1: detected capacity change from 0 to 4096 [pid 5868] close(3 [pid 7032] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7031] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... futex resumed>) = ? [pid 7031] <... futex resumed>) = 0 [pid 7032] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7031] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7032] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7031] <... futex resumed>) = 0 [pid 7030] +++ killed by SIGSEGV (core dumped) +++ [pid 7027] +++ killed by SIGSEGV (core dumped) +++ [pid 7032] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7031] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=211, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7035 attached , child_tidptr=0x55557616a690) = 212 [pid 7035] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7035] chdir("./102") = 0 [pid 7035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7035] setpgid(0, 0) = 0 [pid 7035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7035] write(3, "1000", 4) = 4 [pid 7035] close(3) = 0 executing program [pid 7035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7035] write(1, "executing program\n", 18) = 18 [pid 7035] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5871] <... umount2 resumed>) = 0 [pid 7035] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7035] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7035] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7036 attached [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7035] <... clone3 resumed> => {parent_tid=[213]}, 88) = 213 [pid 7036] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7036] <... rseq resumed>) = 0 [pid 7035] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7036] set_robust_list(0x7f701fd149a0, 24 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7036] <... set_robust_list resumed>) = 0 [pid 7035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7036] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7035] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7035] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 7036] memfd_create("syzkaller", 0 [pid 7035] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] <... umount2 resumed>) = 0 [pid 5871] newfstatat(4, "", [pid 7036] <... memfd_create resumed>) = 3 [pid 5872] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] getdents64(4, [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5871] close(4 [pid 5872] newfstatat(4, "", [pid 5871] <... close resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7034] <... mount resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7034] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] newfstatat(AT_FDCWD, "./102/binderfs", [pid 7034] <... openat resumed>) = 3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7034] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5872] getdents64(4, [pid 5871] unlink("./102/binderfs" [pid 7034] <... chdir resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7034] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] close(4 [pid 7034] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] <... close resumed>) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 7034] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] rmdir("\x2e\x2f\x31\x30\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] getdents64(3, [pid 7034] <... futex resumed>) = 1 [pid 7033] <... futex resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7033] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7034] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7033] <... futex resumed>) = 0 [pid 5871] close(3 [pid 7033] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./101/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./101") = 0 [pid 5872] mkdir("./102", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./102") = 0 [pid 5871] mkdir("./103", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7033] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7033] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 3 [pid 7033] <... futex resumed>) = 0 [pid 7033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7033] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... ioctl resumed>) = 0 [pid 5871] close(3 [pid 7033] <... mprotect resumed>) = 0 [pid 7033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} => {parent_tid=[220]}, 88) = 220 [pid 7033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7033] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7033] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7034] <... openat resumed>) = 4 ./strace-static-x86_64: Process 7037 attached [pid 7037] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7034] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7034] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7037] <... rseq resumed>) = 0 [pid 7037] set_robust_list(0x7f701fcf39a0, 24 [pid 7036] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7037] <... set_robust_list resumed>) = 0 [pid 7037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7037] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 7038 attached ) = 5 [pid 7033] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7033] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7034] <... futex resumed>) = 0 [pid 7033] <... futex resumed>) = 1 [pid 7034] write(-1, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7033] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7034] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 7034] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7037] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7034] <... futex resumed>) = 1 [pid 7033] <... futex resumed>) = 0 [pid 7034] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 213 [pid 7034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7033] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7034] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7033] <... futex resumed>) = 0 [pid 7034] <... mmap resumed>) = 0x200000000000 [pid 7033] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7037] <... futex resumed>) = 0 [pid 7034] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7037] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7034] <... futex resumed>) = 1 [pid 7033] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7039 attached [pid 7038] set_robust_list(0x55557616a6a0, 24 [pid 7033] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] <... futex resumed>) = ? [pid 7033] <... futex resumed>) = 0 [pid 7039] set_robust_list(0x55557616a6a0, 24 [pid 7038] <... set_robust_list resumed>) = 0 [pid 7033] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 214 [pid 7038] chdir("./102") = 0 [pid 7038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7039] <... set_robust_list resumed>) = 0 [pid 7038] <... prctl resumed>) = 0 [pid 7034] ioctl(4, FS_IOC_FIEMAP, 0x200000000080 [pid 7039] chdir("./103") = 0 [pid 7038] setpgid(0, 0 [pid 7034] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7038] <... setpgid resumed>) = 0 [pid 7034] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] +++ killed by SIGSEGV (core dumped) +++ [pid 7031] +++ killed by SIGSEGV (core dumped) +++ [pid 7039] <... prctl resumed>) = 0 [pid 7034] <... futex resumed>) = 1 [pid 7033] <... futex resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=212, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 7038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7039] setpgid(0, 0 [pid 7034] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7033] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] <... setpgid resumed>) = 0 [pid 7038] <... openat resumed>) = 3 [pid 5869] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7038] write(3, "1000", 4 [pid 5869] <... openat resumed>) = 3 [pid 7038] <... write resumed>) = 4 [pid 5869] newfstatat(3, "", [pid 7039] <... openat resumed>) = 3 [pid 7038] close(3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7036] <... write resumed>) = 2097152 [pid 5869] getdents64(3, [pid 7039] write(3, "1000", 4 [pid 7038] <... close resumed>) = 0 [pid 7036] munmap(0x7f7017800000, 138412032 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7039] <... write resumed>) = 4 [pid 7038] symlink("/dev/binderfs", "./binderfs" [pid 5869] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 7039] close(3 [pid 7038] <... symlink resumed>) = 0 [pid 7036] <... munmap resumed>) = 0 [pid 7039] <... close resumed>) = 0 [pid 7038] write(1, "executing program\n", 18) = 18 [pid 7038] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7039] write(1, "executing program\n", 18 [pid 7038] <... mmap resumed>) = 0x7f701fcf4000 [pid 7036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7038] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITEexecuting program ) = 0 [pid 7039] <... write resumed>) = 18 [pid 7038] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7036] ioctl(4, LOOP_SET_FD, 3 [pid 7039] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7039] <... futex resumed>) = 0 [pid 7038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 7041 attached ) = 0x7f701fcf4000 [pid 7038] <... clone3 resumed> => {parent_tid=[214]}, 88) = 214 [pid 7039] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7038] rt_sigprocmask(SIG_SETMASK, [], [pid 7041] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7039] <... mprotect resumed>) = 0 [pid 7038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7036] <... ioctl resumed>) = 0 [pid 7038] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... rseq resumed>) = 0 [pid 7039] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7038] <... futex resumed>) = 0 [pid 7036] close(3 [pid 7041] set_robust_list(0x7f701fd149a0, 24 [pid 7039] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7038] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7036] <... close resumed>) = 0 [pid 7041] <... set_robust_list resumed>) = 0 [pid 7039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7041] rt_sigprocmask(SIG_SETMASK, [], [pid 7036] close(4 [pid 7041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7036] <... close resumed>) = 0 [pid 7041] memfd_create("syzkaller", 0 [pid 7036] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7036] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"..../strace-static-x86_64: Process 7042 attached [ 450.604085][ T7036] loop0: detected capacity change from 0 to 4096 [pid 7042] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7041] <... memfd_create resumed>) = 3 [pid 7039] <... clone3 resumed> => {parent_tid=[215]}, 88) = 215 [pid 7042] <... rseq resumed>) = 0 [pid 7042] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7042] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7039] rt_sigprocmask(SIG_SETMASK, [], [pid 7041] <... mmap resumed>) = 0x7f7017800000 [pid 7039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7039] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7042] <... futex resumed>) = 0 [pid 7039] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7042] memfd_create("syzkaller", 0) = 3 [pid 7042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7041] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./102/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./102") = 0 [pid 7042] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] mkdir("./103", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7036] <... mount resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7036] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7042] <... write resumed>) = 2097152 [pid 7041] <... write resumed>) = 2097152 [pid 7036] <... openat resumed>) = 3 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7036] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 7044 attached [pid 7042] munmap(0x7f7017800000, 138412032 [pid 7041] munmap(0x7f7017800000, 138412032 [pid 7036] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7044] set_robust_list(0x55557616a6a0, 24 [pid 7036] <... futex resumed>) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7035] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7044] <... set_robust_list resumed>) = 0 [pid 7044] chdir("./103") = 0 [pid 7044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7044] setpgid(0, 0executing program ) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 214 [pid 7044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7044] write(3, "1000", 4) = 4 [pid 7044] close(3) = 0 [pid 7044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7044] write(1, "executing program\n", 18) = 18 [pid 7044] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7044] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7045 attached => {parent_tid=[215]}, 88) = 215 [pid 7042] <... munmap resumed>) = 0 [pid 7041] <... munmap resumed>) = 0 [pid 7042] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7041] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7045] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7044] rt_sigprocmask(SIG_SETMASK, [], [pid 7042] <... openat resumed>) = 4 [pid 7041] <... openat resumed>) = 4 [pid 7036] <... openat resumed>) = 4 [pid 7042] ioctl(4, LOOP_SET_FD, 3 [pid 7041] ioctl(4, LOOP_SET_FD, 3 [pid 7036] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7035] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7045] <... rseq resumed>) = 0 [pid 7044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7045] set_robust_list(0x7f701fd149a0, 24 [pid 7044] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7045] <... set_robust_list resumed>) = 0 [pid 7044] <... futex resumed>) = 0 [pid 7045] rt_sigprocmask(SIG_SETMASK, [], [pid 7044] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7045] memfd_create("syzkaller", 0 [pid 7041] <... ioctl resumed>) = 0 [pid 7037] <... futex resumed>) = ? [pid 7036] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7035] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7033] <... futex resumed>) = ? [pid 7045] <... memfd_create resumed>) = 3 [pid 7045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7042] <... ioctl resumed>) = 0 [pid 7041] close(3 [pid 7037] +++ killed by SIGSEGV (core dumped) +++ [pid 7036] <... openat resumed>) = 5 [pid 7034] +++ killed by SIGSEGV (core dumped) +++ [pid 7033] +++ killed by SIGSEGV (core dumped) +++ [pid 7041] <... close resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=218, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 7041] close(4 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7042] close(3 [pid 7041] <... close resumed>) = 0 [pid 7036] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] <... close resumed>) = 0 [pid 7036] <... futex resumed>) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7042] close(4 [pid 7035] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7042] <... close resumed>) = 0 [pid 7041] <... mkdir resumed>) = 0 [pid 7036] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7035] <... futex resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7042] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7041] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7036] <... write resumed>) = 1116 [pid 7035] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] <... mkdir resumed>) = 0 [pid 7036] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7042] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7036] <... futex resumed>) = 0 [pid 7035] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7036] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7035] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7035] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7036] <... mmap resumed>) = 0x200000000000 [pid 5870] <... openat resumed>) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [ 450.950577][ T7041] loop4: detected capacity change from 0 to 4096 [ 450.960453][ T7042] loop3: detected capacity change from 0 to 4096 [pid 5870] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7036] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7036] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7035] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7036] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7035] <... futex resumed>) = 0 [pid 7036] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7036] <... futex resumed>) = 0 [pid 7036] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7035] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7036] <... futex resumed>) = 0 [pid 7036] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7035] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7041] <... mount resumed>) = 0 [pid 7041] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7041] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... umount2 resumed>) = 0 [pid 7041] <... chdir resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7041] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7041] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7041] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7045] <... write resumed>) = 2097152 [pid 7042] <... mount resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7041] <... futex resumed>) = 1 [pid 5870] newfstatat(4, "", [pid 7038] <... futex resumed>) = 0 [pid 7042] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7041] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7042] <... openat resumed>) = 3 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7038] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] getdents64(4, [pid 7041] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7038] <... futex resumed>) = 0 [pid 5870] close(4 [pid 7042] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7038] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7042] <... chdir resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./102/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7042] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] close(3) = 0 [pid 7045] munmap(0x7f7017800000, 138412032 [pid 5870] rmdir("./102" [pid 7042] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7045] <... munmap resumed>) = 0 [pid 7042] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rmdir resumed>) = 0 [pid 7042] <... futex resumed>) = 1 [pid 7041] <... openat resumed>) = 4 [pid 7039] <... futex resumed>) = 0 [pid 5870] mkdir("./103", 0777 [pid 7042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7039] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... mkdir resumed>) = 0 [pid 7039] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7039] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 7041] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(3 [pid 7041] <... futex resumed>) = 1 [pid 7038] <... futex resumed>) = 0 [pid 7041] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7041] <... futex resumed>) = 0 [pid 7041] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7041] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7041] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7038] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7045] <... openat resumed>) = 4 [pid 7045] ioctl(4, LOOP_SET_FD, 3 [pid 7038] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] <... openat resumed>) = 4 [pid 7041] <... futex resumed>) = 0 [pid 7038] <... futex resumed>) = 1 [pid 7042] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7038] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] <... futex resumed>) = 1 [pid 7041] <... write resumed>) = 1116 [pid 7039] <... futex resumed>) = 0 [pid 7042] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7041] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] <... futex resumed>) = 0 [pid 7041] <... futex resumed>) = 1 [pid 7039] <... futex resumed>) = 1 [pid 7038] <... futex resumed>) = 0 [pid 7042] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7041] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7039] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7038] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... mmap resumed>) = 0x200000000000 [pid 7038] <... futex resumed>) = 0 [pid 7041] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7041] <... futex resumed>) = 0 [pid 7038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7041] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7038] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] <... openat resumed>) = 5 [pid 7041] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7038] <... futex resumed>) = 0 [pid 7042] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] <... futex resumed>) = 1 [pid 7041] <... futex resumed>) = 0 [pid 7039] <... futex resumed>) = 0 [pid 7038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7042] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7041] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7039] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7038] <... futex resumed>) = 0 [pid 7041] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7038] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7039] <... futex resumed>) = 0 [pid 7039] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7042] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7046 attached [pid 7045] <... ioctl resumed>) = 0 [pid 7042] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7042] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 221 [pid 7046] set_robust_list(0x55557616a6a0, 24 [pid 7045] close(3 [pid 7039] <... futex resumed>) = 0 [pid 7035] <... futex resumed>) = ? [pid 7045] <... close resumed>) = 0 [pid 7039] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7046] <... set_robust_list resumed>) = 0 [pid 7045] close(4 [pid 7042] <... futex resumed>) = 0 [pid 7039] <... futex resumed>) = 1 [pid 7042] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7039] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] <... close resumed>) = 0 [pid 7046] chdir("./103" [pid 7045] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7042] <... mmap resumed>) = 0x200000000000 [pid 7036] +++ killed by SIGSEGV (core dumped) +++ [pid 7035] +++ killed by SIGSEGV (core dumped) +++ [pid 7042] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7046] <... chdir resumed>) = 0 [pid 7045] <... mkdir resumed>) = 0 [pid 7042] <... futex resumed>) = 1 [pid 7039] <... futex resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=212, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 7046] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7042] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7039] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7042] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7039] <... futex resumed>) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 7046] <... prctl resumed>) = 0 [pid 7042] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7046] setpgid(0, 0 [pid 7042] <... futex resumed>) = 0 [pid 7039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7045] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7046] <... setpgid resumed>) = 0 [pid 7042] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7039] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7046] <... openat resumed>) = 3 [pid 5868] <... openat resumed>) = 3 [pid 5868] newfstatat(3, "", [ 451.274277][ T7045] loop2: detected capacity change from 0 to 4096 [pid 7046] write(3, "1000", 4) = 4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7046] close(3 [pid 5868] getdents64(3, [pid 7046] <... close resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 7046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7046] write(1, "executing program\n", 18) = 18 [pid 7046] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7046] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[222]}, 88) = 222 [pid 7046] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7047 attached NULL, 8) = 0 [pid 7046] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7046] <... futex resumed>) = 0 [pid 7046] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7047] <... rseq resumed>) = 0 [pid 7047] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7047] memfd_create("syzkaller", 0) = 3 [pid 7047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5868] <... umount2 resumed>) = 0 [pid 7047] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7045] <... mount resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7045] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5868] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7045] <... openat resumed>) = 3 [pid 7045] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7045] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7045] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7044] <... futex resumed>) = 0 [pid 7045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7044] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7044] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7045] <... openat resumed>) = 4 [pid 7045] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(4, [pid 7045] <... futex resumed>) = 1 [pid 7044] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7044] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(4, [pid 7044] <... futex resumed>) = 0 [pid 7044] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7045] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7045] <... openat resumed>) = 5 [pid 5868] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./102/binderfs" [pid 7045] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7044] <... futex resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7044] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(3, [pid 7044] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7044] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] close(3 [pid 7047] <... write resumed>) = 2097152 [pid 7045] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5868] <... close resumed>) = 0 [pid 7047] munmap(0x7f7017800000, 138412032 [pid 7045] <... write resumed>) = 1116 [pid 5868] rmdir("./102" [pid 7045] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7044] <... futex resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7044] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7044] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7045] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7044] <... futex resumed>) = 0 [pid 7045] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7044] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7045] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7044] <... futex resumed>) = 0 [pid 7045] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7044] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7045] <... futex resumed>) = 0 [pid 7044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7045] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7044] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] <... munmap resumed>) = 0 [pid 5868] mkdir("./103", 0777 [pid 7047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7047] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 3 [pid 7047] ioctl(4, LOOP_SET_FD, 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7038] <... futex resumed>) = ? [pid 7047] <... ioctl resumed>) = 0 [pid 7041] +++ killed by SIGSEGV (core dumped) +++ [pid 7038] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=213, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 7047] close(3 [pid 5872] <... restart_syscall resumed>) = 0 [pid 7047] <... close resumed>) = 0 [pid 5872] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7047] close(4 [pid 7039] <... futex resumed>) = ? [pid 7047] <... close resumed>) = 0 [pid 7047] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7042] +++ killed by SIGSEGV (core dumped) +++ [pid 7039] +++ killed by SIGSEGV (core dumped) +++ [pid 7047] <... mkdir resumed>) = 0 [pid 5868] <... close resumed>) = 0 [ 451.659653][ T7047] loop1: detected capacity change from 0 to 4096 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=214, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7047] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"..../strace-static-x86_64: Process 7048 attached [pid 5871] <... restart_syscall resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 214 [pid 7048] set_robust_list(0x55557616a6a0, 24 [pid 5871] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7048] <... set_robust_list resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7048] chdir("./103" [pid 5871] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7048] <... chdir resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 7048] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7048] <... prctl resumed>) = 0 [pid 5871] getdents64(3, [pid 7048] setpgid(0, 0) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7048] <... openat resumed>) = 3 [pid 7048] write(3, "1000", 4) = 4 [pid 7048] close(3) = 0 [pid 7048] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7048] write(1, "executing program\n", 18) = 18 [pid 7048] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7048] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7049 attached => {parent_tid=[215]}, 88) = 215 [pid 7049] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7048] rt_sigprocmask(SIG_SETMASK, [], [pid 7049] <... rseq resumed>) = 0 [pid 7048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7049] set_robust_list(0x7f701fd149a0, 24 [pid 7048] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] <... set_robust_list resumed>) = 0 [pid 7048] <... futex resumed>) = 0 [pid 7049] rt_sigprocmask(SIG_SETMASK, [], [pid 7048] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7049] memfd_create("syzkaller", 0) = 3 [pid 7049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7047] <... mount resumed>) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... umount2 resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x30\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7049] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7047] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] newfstatat(AT_FDCWD, "./102/binderfs", [pid 5871] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7047] <... openat resumed>) = 3 [pid 5872] unlink("./102/binderfs" [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7047] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5872] <... unlink resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7047] <... chdir resumed>) = 0 [pid 5872] getdents64(3, [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7047] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 7047] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./102" [pid 7047] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... rmdir resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7047] <... futex resumed>) = 1 [pid 7046] <... futex resumed>) = 0 [pid 5872] mkdir("./103", 0777 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7046] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 7047] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5871] <... openat resumed>) = 4 [pid 7046] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] newfstatat(4, "", [pid 5872] <... openat resumed>) = 3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 7047] <... openat resumed>) = 4 [pid 5871] <... close resumed>) = 0 [pid 7047] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] rmdir("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7047] <... futex resumed>) = 1 [pid 7046] <... futex resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 7047] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7046] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7046] <... futex resumed>) = 0 [pid 7046] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7047] <... openat resumed>) = 5 [pid 5871] unlink("./103/binderfs" [pid 7049] <... write resumed>) = 2097152 [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, [pid 7049] munmap(0x7f7017800000, 138412032 [pid 7047] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7047] <... futex resumed>) = 1 [pid 7046] <... futex resumed>) = 0 [pid 5871] close(3 [pid 7046] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 7046] <... futex resumed>) = 0 [pid 5871] rmdir("./103" [pid 7047] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7046] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... rmdir resumed>) = 0 [pid 7047] <... write resumed>) = 1116 [pid 5871] mkdir("./104", 0777 [pid 7047] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... close resumed>) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 7049] <... munmap resumed>) = 0 [pid 7047] <... futex resumed>) = 1 [pid 7046] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7046] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7046] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 7047] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7046] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 7052 attached [pid 7047] <... mmap resumed>) = 0x200000000000 [pid 5871] <... ioctl resumed>) = 0 [pid 7052] set_robust_list(0x55557616a6a0, 24 [pid 7047] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] close(3 [pid 7052] <... set_robust_list resumed>) = 0 [pid 7047] <... futex resumed>) = 1 [pid 7046] <... futex resumed>) = 0 [pid 7052] chdir("./103") = 0 [pid 7052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7052] setpgid(0, 0) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 215 [pid 7052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7052] write(3, "1000", 4executing program ) = 4 [pid 7047] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7046] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7052] close(3 [pid 7046] <... futex resumed>) = 0 [pid 7052] <... close resumed>) = 0 [pid 7046] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7052] write(1, "executing program\n", 18) = 18 [pid 7052] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7052] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7053 attached [pid 7049] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7047] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7053] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7052] <... clone3 resumed> => {parent_tid=[216]}, 88) = 216 [pid 7053] <... rseq resumed>) = 0 [pid 7052] rt_sigprocmask(SIG_SETMASK, [], [pid 7049] <... openat resumed>) = 4 [pid 7047] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] set_robust_list(0x7f701fd149a0, 24 [pid 7052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7053] <... set_robust_list resumed>) = 0 [pid 7053] rt_sigprocmask(SIG_SETMASK, [], [pid 7052] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] ioctl(4, LOOP_SET_FD, 3 [pid 7047] <... futex resumed>) = 1 [pid 7046] <... futex resumed>) = 0 [pid 7053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7052] <... futex resumed>) = 0 [pid 7053] memfd_create("syzkaller", 0 [pid 7052] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7053] <... memfd_create resumed>) = 3 [pid 7053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7047] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7046] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] <... mmap resumed>) = 0x7f7017800000 [pid 7044] <... futex resumed>) = ? [pid 7049] <... ioctl resumed>) = 0 [pid 7049] close(3) = 0 [pid 7049] close(4) = 0 [pid 7049] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7049] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... close resumed>) = 0 [ 452.080940][ T7049] loop0: detected capacity change from 0 to 4096 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7054 attached [pid 7054] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7054] chdir("./104" [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 216 [pid 7054] <... chdir resumed>) = 0 [pid 7054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7054] setpgid(0, 0) = 0 [pid 7054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7054] write(3, "1000", 4) = 4 [pid 7054] close(3) = 0 [pid 7054] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7054] write(1, "executing program\n", 18) = 18 [pid 7054] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7054] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7055 attached [pid 7045] +++ killed by SIGSEGV (core dumped) +++ [pid 7044] +++ killed by SIGSEGV (core dumped) +++ [pid 7054] <... clone3 resumed> => {parent_tid=[217]}, 88) = 217 [pid 7055] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=214, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [pid 7055] <... rseq resumed>) = 0 [pid 7054] rt_sigprocmask(SIG_SETMASK, [], [pid 7053] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7055] set_robust_list(0x7f701fd149a0, 24 [pid 7054] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] <... set_robust_list resumed>) = 0 [pid 7054] <... futex resumed>) = 0 [pid 7055] rt_sigprocmask(SIG_SETMASK, [], [pid 7054] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7055] memfd_create("syzkaller", 0) = 3 [pid 7055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7053] <... write resumed>) = 2097152 [pid 7053] munmap(0x7f7017800000, 138412032) = 0 [pid 7053] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7053] ioctl(4, LOOP_SET_FD, 3 [pid 7055] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7053] <... ioctl resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 7053] close(3) = 0 [pid 7053] close(4) = 0 [pid 7053] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7053] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7049] <... mount resumed>) = 0 [ 452.312922][ T7053] loop4: detected capacity change from 0 to 4096 [pid 7049] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7049] <... openat resumed>) = 3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7049] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7049] <... chdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7049] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7049] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7049] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7049] <... futex resumed>) = 1 [pid 7048] <... futex resumed>) = 0 [pid 7049] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7048] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... openat resumed>) = 4 [pid 7048] <... futex resumed>) = 0 [pid 5869] newfstatat(4, "", [pid 7048] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7049] <... openat resumed>) = 4 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./103/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7049] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(3 [pid 7049] <... futex resumed>) = 1 [pid 7048] <... futex resumed>) = 0 [pid 7049] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7048] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 7049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7048] <... futex resumed>) = 0 [pid 5869] rmdir("./103" [pid 7049] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7048] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7049] <... openat resumed>) = 5 [pid 5869] <... rmdir resumed>) = 0 [pid 7055] <... write resumed>) = 2097152 [pid 7049] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] mkdir("./104", 0777 [pid 7049] <... futex resumed>) = 1 [pid 7048] <... futex resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 7049] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7048] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7048] <... futex resumed>) = 0 [pid 7048] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 3 [pid 7049] <... write resumed>) = 1116 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7049] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... ioctl resumed>) = 0 [pid 7049] <... futex resumed>) = 1 [pid 7048] <... futex resumed>) = 0 [pid 5869] close(3 [pid 7048] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] munmap(0x7f7017800000, 138412032 [pid 7048] <... futex resumed>) = 0 [pid 7048] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7055] <... munmap resumed>) = 0 [pid 7049] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7055] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7049] <... mmap resumed>) = 0x200000000000 [pid 7055] <... openat resumed>) = 4 [pid 7055] ioctl(4, LOOP_SET_FD, 3 [pid 7049] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7048] <... futex resumed>) = 0 [pid 7049] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7048] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7048] <... futex resumed>) = 0 [pid 7049] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7048] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7049] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7049] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7048] <... futex resumed>) = 0 [pid 7049] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7048] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7048] <... futex resumed>) = 0 [pid 7049] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7048] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... close resumed>) = 0 [pid 7055] <... ioctl resumed>) = 0 [pid 7055] close(3) = 0 [pid 7055] close(4) = 0 [ 452.482461][ T7055] loop3: detected capacity change from 0 to 4096 [pid 7055] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7055] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"..../strace-static-x86_64: Process 7056 attached [pid 7046] <... futex resumed>) = ? [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 216 [pid 7056] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7056] chdir("./104" [pid 7047] +++ killed by SIGSEGV (core dumped) +++ [pid 7046] +++ killed by SIGSEGV (core dumped) +++ [pid 7056] <... chdir resumed>) = 0 [pid 7056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=221, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 7056] <... prctl resumed>) = 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7056] setpgid(0, 0) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7056] write(3, "1000", 4 [pid 5870] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7056] <... write resumed>) = 4 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7056] close(3 [pid 5870] <... openat resumed>) = 3 executing program [pid 7056] <... close resumed>) = 0 [pid 5870] newfstatat(3, "", [pid 7056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7056] write(1, "executing program\n", 18 [pid 5870] getdents64(3, [pid 7056] <... write resumed>) = 18 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7056] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7056] <... futex resumed>) = 0 [pid 7056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7053] <... mount resumed>) = 0 [pid 7056] <... mmap resumed>) = 0x7f701fcf4000 [pid 7053] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7056] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7053] <... openat resumed>) = 3 [pid 7056] <... mprotect resumed>) = 0 [pid 7056] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7053] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7056] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7053] <... chdir resumed>) = 0 [pid 7053] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7053] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7052] <... futex resumed>) = 0 [pid 7052] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7052] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7053] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7057 attached => {parent_tid=[217]}, 88) = 217 [pid 7057] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7056] rt_sigprocmask(SIG_SETMASK, [], [pid 7057] <... rseq resumed>) = 0 [pid 7057] set_robust_list(0x7f701fd149a0, 24 [pid 7056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7057] <... set_robust_list resumed>) = 0 [pid 7056] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] rt_sigprocmask(SIG_SETMASK, [], [pid 7056] <... futex resumed>) = 0 [pid 7057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7056] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7057] memfd_create("syzkaller", 0) = 3 [pid 7057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7053] <... openat resumed>) = 4 [pid 7057] <... mmap resumed>) = 0x7f7017800000 [pid 7053] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7052] <... futex resumed>) = 0 [pid 7052] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7052] <... futex resumed>) = 0 [pid 7053] <... openat resumed>) = 5 [pid 7052] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7053] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7053] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7052] <... futex resumed>) = 0 [pid 7052] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] <... futex resumed>) = 0 [pid 7052] <... futex resumed>) = 1 [pid 7053] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7052] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7053] <... write resumed>) = 1116 [pid 7053] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7052] <... futex resumed>) = 0 [pid 7052] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7052] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7053] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7053] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7053] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7052] <... futex resumed>) = 0 [pid 7052] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] <... futex resumed>) = 0 [pid 7052] <... futex resumed>) = 1 [pid 7053] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7052] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7053] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7053] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7052] <... futex resumed>) = 0 [pid 7053] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7052] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] <... mount resumed>) = 0 [pid 7055] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7055] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7055] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7055] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7055] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7054] <... futex resumed>) = 0 [pid 7054] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7055] <... futex resumed>) = 0 [pid 7054] <... futex resumed>) = 1 [pid 7055] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7054] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7055] <... openat resumed>) = 4 [pid 7055] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7055] <... futex resumed>) = 1 [pid 7054] <... futex resumed>) = 0 [pid 7055] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7054] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7055] <... openat resumed>) = 5 [pid 7055] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7055] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7054] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 7054] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7054] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7055] <... futex resumed>) = 0 [pid 7055] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 5870] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7055] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7054] <... futex resumed>) = 0 [pid 7054] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7055] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7055] <... mmap resumed>) = 0x200000000000 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", [pid 7055] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7055] <... futex resumed>) = 1 [pid 7054] <... futex resumed>) = 0 [pid 7054] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7054] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(4, [pid 7055] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7055] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] getdents64(4, [pid 7055] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7055] <... futex resumed>) = 1 [pid 7054] <... futex resumed>) = 0 [pid 5870] close(4 [pid 7055] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7054] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7054] <... futex resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7055] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7054] ???( [pid 5870] <... rmdir resumed>) = 0 [pid 5870] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./103/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./103") = 0 [pid 5870] mkdir("./104", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7057] <... write resumed>) = 2097152 [pid 7057] munmap(0x7f7017800000, 138412032) = 0 [pid 7057] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7048] <... futex resumed>) = ? [pid 7057] <... openat resumed>) = 4 [pid 7057] ioctl(4, LOOP_SET_FD, 3 [pid 7049] +++ killed by SIGSEGV (core dumped) +++ [pid 7048] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=214, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=27 /* 0.27 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7057] <... ioctl resumed>) = 0 [pid 7057] close(3 [pid 5870] <... close resumed>) = 0 [pid 5868] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7057] <... close resumed>) = 0 [pid 7057] close(4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7057] <... close resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7057] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5868] newfstatat(3, "", [pid 7057] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7058 attached [pid 7058] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 223 [pid 7058] chdir("./104") = 0 [ 452.902990][ T7057] loop2: detected capacity change from 0 to 4096 [pid 7058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7058] setpgid(0, 0) = 0 [pid 7058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7058] write(3, "1000", 4) = 4 [pid 7058] close(3) = 0 [pid 7058] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7058] write(1, "executing program\n", 18) = 18 [pid 7058] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7058] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7059 attached => {parent_tid=[224]}, 88) = 224 [pid 7058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7058] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7059] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7058] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7059] <... rseq resumed>) = 0 [pid 7059] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7059] memfd_create("syzkaller", 0) = 3 [pid 7059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7057] <... mount resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7057] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5868] <... openat resumed>) = 4 [pid 7057] <... openat resumed>) = 3 [pid 7057] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7057] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] newfstatat(4, "", [pid 7059] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 7057] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7057] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] getdents64(4, [pid 7057] <... futex resumed>) = 1 [pid 7056] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7056] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(4 [pid 7056] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7056] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] rmdir("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7057] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7052] <... futex resumed>) = ? [pid 7052] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... rmdir resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=215, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5868] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./103/binderfs", [pid 5872] <... restart_syscall resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] unlink("./103/binderfs" [pid 5872] getdents64(3, [pid 5868] <... unlink resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] getdents64(3, [pid 5872] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./103") = 0 [pid 5868] mkdir("./104", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7057] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7057] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7057] <... openat resumed>) = 5 [pid 5868] <... close resumed>) = 0 [pid 7057] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7060 attached [pid 7057] <... write resumed>) = 1116 [pid 7056] <... futex resumed>) = 0 [pid 7057] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7056] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7057] <... futex resumed>) = 0 [pid 7056] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7056] <... futex resumed>) = 0 [pid 7060] set_robust_list(0x55557616a6a0, 24 [pid 7057] <... mmap resumed>) = 0x200000000000 [pid 7060] <... set_robust_list resumed>) = 0 [pid 7056] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7054] <... ??? resumed>) = ? [pid 7057] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7060] chdir("./104" [pid 7059] <... write resumed>) = 2097152 [pid 7057] <... futex resumed>) = 1 [pid 7056] <... futex resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 216 [pid 7056] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7060] <... chdir resumed>) = 0 [pid 7060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7056] <... futex resumed>) = 0 [pid 7060] setpgid(0, 0 [pid 7057] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7056] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7060] <... setpgid resumed>) = 0 [pid 7060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7057] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7055] +++ killed by SIGSEGV (core dumped) +++ [pid 7057] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] +++ killed by SIGSEGV (core dumped) +++ [pid 7057] <... futex resumed>) = 1 [pid 7056] <... futex resumed>) = 0 [pid 7056] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=216, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 7056] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7060] <... openat resumed>) = 3 [pid 7057] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7060] write(3, "1000", 4 [pid 7059] munmap(0x7f7017800000, 138412032 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7060] <... write resumed>) = 4 [pid 5871] <... openat resumed>) = 3 [pid 7060] close(3 [pid 5871] newfstatat(3, "", [pid 7060] <... close resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7060] symlink("/dev/binderfs", "./binderfs" [pid 5871] getdents64(3, [pid 7060] <... symlink resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 7060] write(1, "executing program\n", 18) = 18 [pid 7060] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7060] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7061 attached [pid 7061] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7060] <... clone3 resumed> => {parent_tid=[217]}, 88) = 217 [pid 7061] <... rseq resumed>) = 0 [pid 7061] set_robust_list(0x7f701fd149a0, 24 [pid 7060] rt_sigprocmask(SIG_SETMASK, [], [pid 7061] <... set_robust_list resumed>) = 0 [pid 7060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7061] rt_sigprocmask(SIG_SETMASK, [], [pid 7060] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7059] <... munmap resumed>) = 0 [pid 7061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7060] <... futex resumed>) = 0 [pid 7060] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7059] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7061] memfd_create("syzkaller", 0 [pid 7059] <... openat resumed>) = 4 [pid 7059] ioctl(4, LOOP_SET_FD, 3 [pid 7061] <... memfd_create resumed>) = 3 [pid 7061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7059] <... ioctl resumed>) = 0 [pid 7059] close(3) = 0 [pid 7059] close(4) = 0 [pid 7059] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7059] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 453.352922][ T7059] loop1: detected capacity change from 0 to 4096 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x30\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./103/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./103") = 0 [pid 5872] mkdir("./104", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7061] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./104/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./104") = 0 [pid 5871] mkdir("./105", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7062 attached [pid 7062] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 217 [pid 7062] chdir("./104") = 0 [pid 5871] <... close resumed>) = 0 [pid 7062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7062] setpgid(0, 0 [pid 7061] <... write resumed>) = 2097152 [pid 7062] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 7063 attached [pid 7062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7063] set_robust_list(0x55557616a6a0, 24 [pid 7062] <... openat resumed>) = 3 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 218 [pid 7063] <... set_robust_list resumed>) = 0 [pid 7062] write(3, "1000", 4) = 4 [pid 7062] close(3 [pid 7063] chdir("./105" [pid 7062] <... close resumed>) = 0 executing program [pid 7062] symlink("/dev/binderfs", "./binderfs" [pid 7061] munmap(0x7f7017800000, 138412032 [pid 7063] <... chdir resumed>) = 0 [pid 7063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7062] <... symlink resumed>) = 0 [pid 7063] <... prctl resumed>) = 0 [pid 7062] write(1, "executing program\n", 18 [pid 7063] setpgid(0, 0 [pid 7062] <... write resumed>) = 18 [pid 7063] <... setpgid resumed>) = 0 [pid 7063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7062] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7056] <... futex resumed>) = ? [pid 7063] write(3, "1000", 4) = 4 [pid 7062] <... futex resumed>) = 0 [pid 7063] close(3 [pid 7062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7063] <... close resumed>) = 0 [pid 7062] <... mmap resumed>) = 0x7f701fcf4000 [pid 7063] symlink("/dev/binderfs", "./binderfs" [pid 7062] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7063] <... symlink resumed>) = 0 [pid 7062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 executing program [pid 7062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7064 attached [pid 7064] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7064] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7064] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7062] <... clone3 resumed> => {parent_tid=[218]}, 88) = 218 [pid 7062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7062] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... futex resumed>) = 0 [pid 7062] <... futex resumed>) = 1 [pid 7061] <... munmap resumed>) = 0 [pid 7064] memfd_create("syzkaller", 0 [pid 7063] write(1, "executing program\n", 18 [pid 7062] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7063] <... write resumed>) = 18 [pid 7063] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7064] <... memfd_create resumed>) = 3 [pid 7061] ioctl(4, LOOP_SET_FD, 3 [pid 7063] <... futex resumed>) = 0 [pid 7064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7061] <... ioctl resumed>) = 0 [pid 7061] close(3 [pid 7063] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7061] <... close resumed>) = 0 [pid 7061] close(4) = 0 [pid 7063] <... mprotect resumed>) = 0 [pid 7061] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7063] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7061] <... mkdir resumed>) = 0 [pid 7061] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7057] +++ killed by SIGSEGV (core dumped) +++ [pid 7056] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=216, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7063] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 7065 attached [pid 7059] <... mount resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 7063] <... clone3 resumed> => {parent_tid=[219]}, 88) = 219 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7063] rt_sigprocmask(SIG_SETMASK, [], [pid 7059] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] getdents64(3, [pid 7065] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7063] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 453.588675][ T7061] loop0: detected capacity change from 0 to 4096 [pid 7059] <... openat resumed>) = 3 [pid 7065] <... rseq resumed>) = 0 [pid 7063] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7059] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7065] set_robust_list(0x7f701fd149a0, 24 [pid 7063] <... futex resumed>) = 0 [pid 7059] <... chdir resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7065] <... set_robust_list resumed>) = 0 [pid 7063] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7059] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7065] rt_sigprocmask(SIG_SETMASK, [], [pid 7059] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7065] memfd_create("syzkaller", 0 [pid 7059] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7058] <... futex resumed>) = 0 [pid 7059] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7058] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7065] <... memfd_create resumed>) = 3 [pid 7059] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7058] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7064] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7059] <... openat resumed>) = 4 [pid 7065] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7059] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7058] <... futex resumed>) = 0 [pid 7059] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7058] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7058] <... futex resumed>) = 0 [pid 7059] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7058] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7059] <... openat resumed>) = 5 [pid 7064] <... write resumed>) = 2097152 [pid 7059] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7058] <... futex resumed>) = 0 [pid 7058] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7059] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7058] <... futex resumed>) = 0 [pid 7064] munmap(0x7f7017800000, 138412032 [pid 7059] <... write resumed>) = 1116 [pid 7058] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7059] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... munmap resumed>) = 0 [pid 7064] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7059] <... futex resumed>) = 1 [pid 7058] <... futex resumed>) = 0 [pid 7064] ioctl(4, LOOP_SET_FD, 3 [pid 7059] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7058] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7061] <... mount resumed>) = 0 [pid 7061] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7061] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7061] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7061] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7060] <... futex resumed>) = 0 [pid 7058] <... futex resumed>) = 0 [pid 7058] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7060] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7059] <... mmap resumed>) = 0x200000000000 [pid 7060] <... futex resumed>) = 1 [pid 7061] <... futex resumed>) = 0 [pid 7061] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7065] <... write resumed>) = 2097152 [pid 7064] <... ioctl resumed>) = 0 [pid 7060] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7059] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = 0 [pid 7065] munmap(0x7f7017800000, 138412032 [pid 7064] close(3 [pid 7059] <... futex resumed>) = 1 [pid 7058] <... futex resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7059] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7058] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... close resumed>) = 0 [pid 7059] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7058] <... futex resumed>) = 0 [pid 7064] close(4 [pid 7059] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7064] <... close resumed>) = 0 [pid 7059] <... futex resumed>) = 0 [pid 7058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7064] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7059] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7058] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7064] <... mkdir resumed>) = 0 [pid 7059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7058] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7065] <... munmap resumed>) = 0 [pid 7064] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7059] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7058] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 453.763606][ T7064] loop4: detected capacity change from 0 to 4096 [pid 5869] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7061] <... openat resumed>) = 4 [pid 7061] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7060] <... futex resumed>) = 0 [pid 7061] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7060] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7060] <... futex resumed>) = 0 [pid 7061] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7060] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7061] <... openat resumed>) = 5 [pid 5869] <... openat resumed>) = 4 [pid 7065] <... openat resumed>) = 4 [pid 7061] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(4, "", [pid 7065] ioctl(4, LOOP_SET_FD, 3 [pid 7061] <... futex resumed>) = 1 [pid 7060] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7061] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7060] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(4, [pid 7060] <... futex resumed>) = 0 [pid 7060] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7061] <... write resumed>) = 1116 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./104/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 7061] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] rmdir("./104") = 0 [pid 5869] mkdir("./105", 0777 [pid 7061] <... futex resumed>) = 1 [pid 7060] <... futex resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 7061] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7060] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7065] <... ioctl resumed>) = 0 [pid 7061] <... mmap resumed>) = 0x200000000000 [pid 7060] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 7061] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7060] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7061] <... futex resumed>) = 0 [pid 7060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7061] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7060] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7065] close(3 [pid 7061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7060] <... futex resumed>) = 0 [pid 7061] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7060] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] <... close resumed>) = 0 [pid 7061] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7065] close(4 [pid 7061] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7065] <... close resumed>) = 0 [pid 7061] <... futex resumed>) = 1 [pid 7060] <... futex resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 7065] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7061] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7060] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(3 [pid 7061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7060] <... futex resumed>) = 0 [pid 7060] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] <... mkdir resumed>) = 0 [pid 7061] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [ 453.837808][ T7065] loop3: detected capacity change from 0 to 4096 [pid 7065] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7067 attached [pid 7067] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7067] chdir("./105" [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 218 [pid 7067] <... chdir resumed>) = 0 [pid 7067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7067] setpgid(0, 0) = 0 [pid 7067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7067] write(3, "1000", 4) = 4 [pid 7067] close(3) = 0 [pid 7067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7067] write(1, "executing program\n", 18 [pid 7065] <... mount resumed>) = 0 executing program [pid 7067] <... write resumed>) = 18 [pid 7065] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7067] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7065] <... openat resumed>) = 3 [pid 7067] <... mmap resumed>) = 0x7f701fcf4000 [pid 7065] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7067] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7065] <... chdir resumed>) = 0 [pid 7065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7067] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7065] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7067] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7065] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7063] <... futex resumed>) = 0 [pid 7067] <... clone3 resumed> => {parent_tid=[219]}, 88) = 219 ./strace-static-x86_64: Process 7068 attached [pid 7067] rt_sigprocmask(SIG_SETMASK, [], [pid 7063] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7063] <... futex resumed>) = 0 [pid 7063] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7067] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7068] <... rseq resumed>) = 0 [pid 7067] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7065] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7064] <... mount resumed>) = 0 [pid 7068] set_robust_list(0x7f701fd149a0, 24 [pid 7065] <... openat resumed>) = 4 [pid 7064] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7068] <... set_robust_list resumed>) = 0 [pid 7064] <... openat resumed>) = 3 [pid 7068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7068] memfd_create("syzkaller", 0 [pid 7065] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7065] <... futex resumed>) = 1 [pid 7064] <... chdir resumed>) = 0 [pid 7063] <... futex resumed>) = 0 [pid 7065] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7064] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7063] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] <... memfd_create resumed>) = 3 [pid 7063] <... futex resumed>) = 0 [pid 7068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7063] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... mmap resumed>) = 0x7f7017800000 [pid 7064] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7064] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7064] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... futex resumed>) = 0 [pid 7062] <... futex resumed>) = 1 [pid 7064] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7062] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] <... openat resumed>) = 5 [pid 7064] <... openat resumed>) = 4 [pid 7064] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7058] <... futex resumed>) = ? [pid 7065] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7064] <... openat resumed>) = 5 [pid 7063] <... futex resumed>) = 0 [pid 7063] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] <... futex resumed>) = 0 [pid 7065] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7063] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] <... write resumed>) = 1116 [pid 7065] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7065] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7068] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7064] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7059] +++ killed by SIGSEGV (core dumped) +++ [pid 7058] +++ killed by SIGSEGV (core dumped) +++ [pid 7064] <... futex resumed>) = 1 [pid 7063] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] <... futex resumed>) = 0 [pid 7064] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7063] <... futex resumed>) = 1 [pid 7062] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=223, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 7063] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7064] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7062] <... futex resumed>) = 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7062] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7065] <... futex resumed>) = 0 [pid 7064] <... write resumed>) = 1116 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7065] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7065] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7065] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7063] <... futex resumed>) = 0 [pid 7063] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7063] <... futex resumed>) = 1 [pid 7065] <... futex resumed>) = 0 [pid 7063] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7064] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7065] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7065] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7064] <... futex resumed>) = 1 [pid 7063] <... futex resumed>) = 0 [pid 7062] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7064] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7063] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7062] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7065] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7064] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7063] <... futex resumed>) = 0 [pid 7062] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7064] <... mmap resumed>) = 0x200000000000 [pid 7062] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(3, "", [pid 7064] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7064] <... futex resumed>) = 1 [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] <... write resumed>) = 2097152 [pid 7064] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7062] <... futex resumed>) = 0 [pid 5870] getdents64(3, [pid 7064] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7062] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7068] munmap(0x7f7017800000, 138412032 [pid 7064] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7062] <... futex resumed>) = 0 [pid 7062] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7068] <... munmap resumed>) = 0 [pid 7068] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7068] close(3) = 0 [pid 7060] <... futex resumed>) = ? [pid 7068] close(4 [pid 7061] +++ killed by SIGSEGV (core dumped) +++ [pid 7060] +++ killed by SIGSEGV (core dumped) +++ [pid 7068] <... close resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=216, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7068] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 7068] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [ 454.278523][ T7068] loop2: detected capacity change from 0 to 4096 [pid 5868] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./104/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./104") = 0 [pid 5870] mkdir("./105", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7069 attached [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7069] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7069] <... set_robust_list resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7069] chdir("./105" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 225 [pid 7069] <... chdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7069] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] newfstatat(4, "", [pid 7069] <... prctl resumed>) = 0 [pid 7065] +++ killed by SIGSEGV (core dumped) +++ [pid 7069] setpgid(0, 0 [pid 7068] <... mount resumed>) = 0 [pid 7063] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7069] <... setpgid resumed>) = 0 [pid 7068] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7068] <... openat resumed>) = 3 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=218, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5868] getdents64(4, [pid 7069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7068] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7069] <... openat resumed>) = 3 [pid 7068] <... chdir resumed>) = 0 [pid 7068] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] close(4 [pid 7069] write(3, "1000", 4 [pid 7068] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] <... close resumed>) = 0 [pid 7069] <... write resumed>) = 4 [pid 5868] rmdir("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7069] close(3 [pid 7068] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7069] <... close resumed>) = 0 [pid 7068] <... futex resumed>) = 1 [pid 7067] <... futex resumed>) = 0 [pid 5871] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... rmdir resumed>) = 0 [pid 7069] symlink("/dev/binderfs", "./binderfs" [pid 7068] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7067] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7067] <... futex resumed>) = 0 [pid 7067] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7068] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5868] newfstatat(AT_FDCWD, "./104/binderfs", executing program [pid 7069] <... symlink resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7069] write(1, "executing program\n", 18 [pid 5868] unlink("./104/binderfs" [pid 7069] <... write resumed>) = 18 [pid 7069] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... unlink resumed>) = 0 [pid 7069] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5868] getdents64(3, [pid 5871] newfstatat(3, "", [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] close(3 [pid 5871] getdents64(3, [pid 7069] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] <... close resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] rmdir("./104" [pid 7069] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5868] <... rmdir resumed>) = 0 [pid 7069] <... mprotect resumed>) = 0 [pid 5868] mkdir("./105", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7068] <... openat resumed>) = 4 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7069] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 7068] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7069] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7064] +++ killed by SIGSEGV (core dumped) +++ [pid 7062] +++ killed by SIGSEGV (core dumped) +++ [pid 7069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7068] <... futex resumed>) = 1 [pid 7067] <... futex resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=217, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 7067] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7067] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 7071 attached [pid 5872] newfstatat(3, "", [pid 7067] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7069] <... clone3 resumed> => {parent_tid=[226]}, 88) = 226 [pid 7068] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7069] rt_sigprocmask(SIG_SETMASK, [], [pid 7071] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7069] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] <... rseq resumed>) = 0 [pid 5872] getdents64(3, [pid 7071] set_robust_list(0x7f701fd149a0, 24 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7071] <... set_robust_list resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7069] <... futex resumed>) = 0 [pid 7068] <... openat resumed>) = 5 [pid 7071] memfd_create("syzkaller", 0 [pid 7069] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7068] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7067] <... futex resumed>) = 0 [pid 7067] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7071] <... memfd_create resumed>) = 3 [pid 7067] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7068] <... write resumed>) = 1116 [pid 7068] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7067] <... futex resumed>) = 0 [pid 7068] <... futex resumed>) = 1 [pid 7067] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7068] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7067] <... futex resumed>) = 0 [pid 7071] <... mmap resumed>) = 0x7f7017800000 [pid 7068] <... mmap resumed>) = 0x200000000000 [pid 7067] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... close resumed>) = 0 [pid 7068] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7068] <... futex resumed>) = 1 ./strace-static-x86_64: Process 7072 attached [pid 7068] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7067] <... futex resumed>) = 0 [pid 7067] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 218 [pid 7068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7072] set_robust_list(0x55557616a6a0, 24 [pid 7067] <... futex resumed>) = 0 [pid 7072] <... set_robust_list resumed>) = 0 [pid 7068] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7067] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7072] chdir("./105" [pid 7068] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7072] <... chdir resumed>) = 0 [pid 7068] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7068] <... futex resumed>) = 1 [pid 7067] <... futex resumed>) = 0 [pid 7072] <... prctl resumed>) = 0 [pid 7068] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7067] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] setpgid(0, 0 [pid 7068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7067] <... futex resumed>) = 0 [pid 7072] <... setpgid resumed>) = 0 [pid 7068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7067] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] <... umount2 resumed>) = 0 [pid 7072] write(3, "1000", 4) = 4 [pid 5871] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7072] close(3) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7072] symlink("/dev/binderfs", "./binderfs" [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7072] <... symlink resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 7072] write(1, "executing program\n", 18 [pid 5871] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7072] <... write resumed>) = 18 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7072] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] <... openat resumed>) = 4 [pid 7072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7072] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] getdents64(4, [pid 7072] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7072] <... mprotect resumed>) = 0 [pid 7071] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7072] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7072] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7073 attached [pid 5872] <... umount2 resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7072] <... clone3 resumed> => {parent_tid=[219]}, 88) = 219 [pid 7072] rt_sigprocmask(SIG_SETMASK, [], [pid 7073] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] unlink("./105/binderfs" [pid 7073] <... rseq resumed>) = 0 [pid 7072] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... unlink resumed>) = 0 [pid 7073] set_robust_list(0x7f701fd149a0, 24 [pid 7072] <... futex resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7073] <... set_robust_list resumed>) = 0 [pid 7072] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] getdents64(3, [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7073] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] umount2("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] close(3 [pid 7073] memfd_create("syzkaller", 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./105" [pid 5872] <... openat resumed>) = 4 [pid 5871] <... rmdir resumed>) = 0 [pid 5872] newfstatat(4, "", [pid 5871] mkdir("./106", 0777 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5872] getdents64(4, [pid 7073] <... memfd_create resumed>) = 3 [pid 7071] <... write resumed>) = 2097152 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7071] munmap(0x7f7017800000, 138412032 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] <... ioctl resumed>) = 0 [pid 7073] <... mmap resumed>) = 0x7f7017800000 [pid 7071] <... munmap resumed>) = 0 [pid 5872] getdents64(4, [pid 5871] close(3 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x30\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./104/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./104") = 0 [pid 5872] mkdir("./105", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5871] <... close resumed>) = 0 [pid 7071] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7071] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 7074 attached [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 220 [pid 7074] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7074] chdir("./106") = 0 [pid 7074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7074] setpgid(0, 0) = 0 [pid 7074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7074] write(3, "1000", 4) = 4 [pid 7074] close(3) = 0 [pid 7074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7074] write(1, "executing program\n", 18executing program ) = 18 [pid 7074] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7071] <... ioctl resumed>) = 0 [pid 7071] close(3./strace-static-x86_64: Process 7075 attached [pid 7074] <... mmap resumed>) = 0x7f701fcf4000 [pid 7071] <... close resumed>) = 0 [pid 7074] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7071] close(4 [pid 7074] <... mprotect resumed>) = 0 [pid 7071] <... close resumed>) = 0 [pid 7071] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7074] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7071] <... mkdir resumed>) = 0 [pid 7075] set_robust_list(0x55557616a6a0, 24 [pid 7074] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7075] <... set_robust_list resumed>) = 0 [pid 7074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7075] chdir("./105"./strace-static-x86_64: Process 7076 attached [pid 7073] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7071] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 219 [pid 7074] <... clone3 resumed> => {parent_tid=[221]}, 88) = 221 [pid 7075] <... chdir resumed>) = 0 [pid 7074] rt_sigprocmask(SIG_SETMASK, [], [pid 7075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7075] setpgid(0, 0 [pid 7074] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7075] <... setpgid resumed>) = 0 [pid 7074] <... futex resumed>) = 0 [pid 7075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7074] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7076] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7075] <... openat resumed>) = 3 [pid 7076] set_robust_list(0x7f701fd149a0, 24 [pid 7075] write(3, "1000", 4 [pid 7076] <... set_robust_list resumed>) = 0 [pid 7075] <... write resumed>) = 4 [pid 7075] close(3) = 0 [pid 7075] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7075] write(1, "executing program\n", 18) = 18 [pid 7075] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7075] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7075] <... mprotect resumed>) = 0 [pid 7075] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7076] memfd_create("syzkaller", 0 [pid 7075] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7077 attached [pid 7076] <... memfd_create resumed>) = 3 [pid 7075] <... clone3 resumed> => {parent_tid=[220]}, 88) = 220 [pid 7077] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [ 454.847465][ T7071] loop1: detected capacity change from 0 to 4096 [pid 7075] rt_sigprocmask(SIG_SETMASK, [], [pid 7077] <... rseq resumed>) = 0 [pid 7075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7077] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7077] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7075] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... mmap resumed>) = 0x7f7017800000 [pid 7077] <... futex resumed>) = 0 [pid 7075] <... futex resumed>) = 1 [pid 7077] memfd_create("syzkaller", 0 [pid 7075] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7077] <... memfd_create resumed>) = 3 [pid 7077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7073] <... write resumed>) = 2097152 [pid 7073] munmap(0x7f7017800000, 138412032 [pid 7076] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7073] <... munmap resumed>) = 0 [pid 7073] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7067] <... futex resumed>) = ? [pid 7077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7073] <... openat resumed>) = 4 [pid 7073] ioctl(4, LOOP_SET_FD, 3 [pid 7068] +++ killed by SIGSEGV (core dumped) +++ [pid 7067] +++ killed by SIGSEGV (core dumped) +++ [pid 7071] <... mount resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=218, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7071] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7073] <... ioctl resumed>) = 0 [pid 7073] close(3 [pid 7071] <... openat resumed>) = 3 [pid 7073] <... close resumed>) = 0 [pid 7071] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7073] close(4 [pid 7071] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7073] <... close resumed>) = 0 [pid 7071] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7073] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7071] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... mkdir resumed>) = 0 [pid 7071] <... futex resumed>) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7069] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7071] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7073] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7071] <... openat resumed>) = 4 [ 455.029765][ T7073] loop0: detected capacity change from 0 to 4096 [pid 7077] <... write resumed>) = 2097152 [pid 7076] <... write resumed>) = 2097152 [pid 7071] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] munmap(0x7f7017800000, 138412032 [pid 7071] <... futex resumed>) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7077] munmap(0x7f7017800000, 138412032 [pid 7076] <... munmap resumed>) = 0 [pid 7071] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7069] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7077] <... munmap resumed>) = 0 [pid 7076] ioctl(4, LOOP_SET_FD, 3 [pid 7071] <... openat resumed>) = 5 [pid 7077] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7077] ioctl(4, LOOP_SET_FD, 3 [pid 7071] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7069] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7069] <... futex resumed>) = 0 [pid 7077] <... ioctl resumed>) = 0 [pid 7071] <... write resumed>) = 1116 [pid 7069] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] close(3) = 0 [pid 7077] close(4) = 0 [pid 7077] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7077] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7071] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7071] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7069] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7071] <... mmap resumed>) = 0x200000000000 [pid 7069] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7071] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7071] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7069] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = 0 [pid 7069] <... futex resumed>) = 0 [pid 7071] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7076] <... ioctl resumed>) = 0 [pid 7071] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7069] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 455.130226][ T7077] loop4: detected capacity change from 0 to 4096 [ 455.131633][ T7076] loop3: detected capacity change from 0 to 4096 [pid 5869] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7076] close(3 [pid 7071] <... futex resumed>) = 0 [pid 7069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7076] <... close resumed>) = 0 [pid 7071] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7069] <... futex resumed>) = 0 [pid 7076] close(4 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7076] <... close resumed>) = 0 [pid 7071] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7069] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7076] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7073] <... mount resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7073] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7073] <... openat resumed>) = 3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7073] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] newfstatat(AT_FDCWD, "./105/binderfs", [pid 7073] <... chdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7073] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] unlink("./105/binderfs") = 0 [pid 7073] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7073] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(3 [pid 7073] <... futex resumed>) = 1 [pid 7072] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7072] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] rmdir("./105" [pid 7072] <... futex resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7072] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] mkdir("./106", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7073] <... openat resumed>) = 4 [pid 7073] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7072] <... futex resumed>) = 0 [pid 7073] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7072] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7072] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7073] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7073] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7072] <... futex resumed>) = 0 [pid 7073] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7072] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7072] <... futex resumed>) = 0 [pid 7073] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7072] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7073] <... write resumed>) = 1116 [pid 7077] <... mount resumed>) = 0 [pid 7073] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7072] <... futex resumed>) = 0 [pid 7077] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7073] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7072] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7073] <... mmap resumed>) = 0x200000000000 [pid 7072] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7073] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] <... openat resumed>) = 3 [pid 7077] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7073] <... futex resumed>) = 1 [pid 7072] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7072] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] <... chdir resumed>) = 0 [pid 7073] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7072] <... futex resumed>) = 0 [pid 7077] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7072] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7073] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7077] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7073] <... futex resumed>) = 1 [pid 7072] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7078 attached [pid 7077] <... futex resumed>) = 1 [pid 7072] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7072] <... futex resumed>) = 0 [pid 7075] <... futex resumed>) = 0 [pid 7072] ???( [pid 7075] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] set_robust_list(0x55557616a6a0, 24 [pid 7077] <... futex resumed>) = 0 [pid 7075] <... futex resumed>) = 1 [pid 7078] <... set_robust_list resumed>) = 0 [pid 7077] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7075] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 220 [pid 7078] chdir("./106") = 0 [pid 7078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7078] setpgid(0, 0) = 0 [pid 7078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7078] write(3, "1000", 4) = 4 [pid 7077] <... openat resumed>) = 4 [pid 7078] close(3) = 0 [pid 7078] symlink("/dev/binderfs", "./binderfs" [pid 7075] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) executing program [pid 7078] <... symlink resumed>) = 0 [pid 7077] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7075] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7077] <... futex resumed>) = 0 [pid 7075] <... mmap resumed>) = 0x7f701fcd3000 [pid 7077] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7075] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7078] write(1, "executing program\n", 18) = 18 [pid 7075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7078] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} [pid 7078] <... futex resumed>) = 0 [pid 7078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7075] <... clone3 resumed> => {parent_tid=[221]}, 88) = 221 [pid 7075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7079 attached [pid 7075] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7079] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7078] <... mmap resumed>) = 0x7f701fcf4000 [pid 7079] <... rseq resumed>) = 0 [pid 7078] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7075] <... futex resumed>) = 0 [pid 7078] <... mprotect resumed>) = 0 [pid 7079] set_robust_list(0x7f701fcf39a0, 24 [pid 7078] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7075] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7078] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7079] <... set_robust_list resumed>) = 0 [pid 7079] rt_sigprocmask(SIG_SETMASK, [], [pid 7078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7079] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7079] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7075] <... futex resumed>) = 0 [pid 7075] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7075] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] <... futex resumed>) = 0 [pid 7077] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7077] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7075] <... futex resumed>) = 0 [pid 7075] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7077] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7075] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7080 attached [pid 7079] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7078] <... clone3 resumed> => {parent_tid=[221]}, 88) = 221 [pid 7077] <... mmap resumed>) = 0x200000000000 [pid 7076] <... mount resumed>) = 0 [pid 7080] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7078] rt_sigprocmask(SIG_SETMASK, [], [pid 7076] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7080] <... rseq resumed>) = 0 [pid 7078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7080] set_robust_list(0x7f701fd149a0, 24 [pid 7078] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7077] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... openat resumed>) = 3 [pid 7080] <... set_robust_list resumed>) = 0 [pid 7078] <... futex resumed>) = 0 [pid 7076] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7078] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7076] <... chdir resumed>) = 0 [pid 7080] rt_sigprocmask(SIG_SETMASK, [], [pid 7077] <... futex resumed>) = 1 [pid 7075] <... futex resumed>) = 0 [pid 7075] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7075] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7077] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7077] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7075] <... futex resumed>) = 0 [pid 7077] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7075] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7076] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7080] memfd_create("syzkaller", 0) = 3 [pid 7076] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7076] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7080] <... mmap resumed>) = 0x7f7017800000 [pid 7074] <... futex resumed>) = 0 [pid 7074] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... futex resumed>) = 0 [pid 7074] <... futex resumed>) = 1 [pid 7076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7074] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] <... openat resumed>) = 4 [pid 7076] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7074] <... futex resumed>) = 0 [pid 7074] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7074] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7076] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7076] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7074] <... futex resumed>) = 0 [pid 7074] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... futex resumed>) = 0 [pid 7074] <... futex resumed>) = 1 [pid 7076] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7074] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] <... write resumed>) = 1116 [pid 7076] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7074] <... futex resumed>) = 0 [pid 7076] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7074] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... mmap resumed>) = 0x200000000000 [pid 7074] <... futex resumed>) = 0 [pid 7076] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7074] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] <... futex resumed>) = 0 [pid 7074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7076] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7074] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7074] <... futex resumed>) = 0 [pid 7076] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7074] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7076] <... futex resumed>) = 0 [pid 7074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7074] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7074] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7069] <... futex resumed>) = ? [pid 7080] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7071] +++ killed by SIGSEGV (core dumped) +++ [pid 7069] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=225, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7080] <... write resumed>) = 2097152 [pid 7080] munmap(0x7f7017800000, 138412032) = 0 [pid 7080] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7080] close(3) = 0 [pid 7080] close(4) = 0 [pid 7080] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7072] <... ??? resumed>) = ? [pid 7080] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7075] <... futex resumed>) = ? [pid 7073] +++ killed by SIGSEGV (core dumped) +++ [pid 7072] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=218, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7079] <... futex resumed>) = ? [pid 7079] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... umount2 resumed>) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [ 455.759757][ T7080] loop2: detected capacity change from 0 to 4096 [pid 5868] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 5870] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7077] +++ killed by SIGSEGV (core dumped) +++ [pid 7075] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=219, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7074] <... futex resumed>) = ? [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7080] <... mount resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./105/binderfs", [pid 7080] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./105/binderfs" [pid 7080] <... openat resumed>) = 3 [pid 7076] +++ killed by SIGSEGV (core dumped) +++ [pid 7074] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=220, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 7080] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5870] close(3 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./105") = 0 [pid 5871] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] mkdir("./106", 0777 [pid 7080] <... chdir resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7080] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7080] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... ioctl resumed>) = 0 [pid 7080] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7078] <... futex resumed>) = 0 [pid 5870] close(3 [pid 7080] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7078] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7078] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7080] <... openat resumed>) = 4 [pid 7080] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7078] <... futex resumed>) = 0 [pid 7080] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7078] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7078] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7080] <... openat resumed>) = 5 [pid 5872] <... umount2 resumed>) = 0 [pid 7080] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7080] <... futex resumed>) = 1 [pid 7078] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7080] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7078] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7078] <... futex resumed>) = 0 [pid 7080] <... write resumed>) = 1116 [pid 7078] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7081 attached [pid 7080] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] set_robust_list(0x55557616a6a0, 24 [pid 7080] <... futex resumed>) = 1 [pid 7078] <... futex resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 227 [pid 7078] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7081] <... set_robust_list resumed>) = 0 [pid 7078] <... futex resumed>) = 0 [pid 7078] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7081] chdir("./106" [pid 7080] <... mmap resumed>) = 0x200000000000 [pid 7081] <... chdir resumed>) = 0 [pid 7080] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7080] <... futex resumed>) = 1 [pid 7078] <... futex resumed>) = 0 [pid 7081] <... prctl resumed>) = 0 [pid 7080] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7078] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7078] <... futex resumed>) = 0 [pid 7081] setpgid(0, 0 [pid 7078] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7081] <... setpgid resumed>) = 0 [pid 7080] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7080] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7081] <... openat resumed>) = 3 [pid 7080] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] write(3, "1000", 4 [pid 7080] <... futex resumed>) = 1 [pid 7078] <... futex resumed>) = 0 [pid 7081] <... write resumed>) = 4 [pid 7080] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7078] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] close(3 [pid 7080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7078] <... futex resumed>) = 0 [pid 7081] <... close resumed>) = 0 [pid 7078] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7081] symlink("/dev/binderfs", "./binderfs" [pid 7080] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7081] <... symlink resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", [pid 5868] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", executing program [pid 7081] write(1, "executing program\n", 18 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] getdents64(4, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] getdents64(4, [pid 5868] <... openat resumed>) = 4 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] newfstatat(4, "", [pid 5872] close(4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... close resumed>) = 0 [pid 5868] getdents64(4, [pid 5872] rmdir("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7081] <... write resumed>) = 18 [pid 5872] <... rmdir resumed>) = 0 [pid 5868] getdents64(4, [pid 5872] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] close(4 [pid 5872] newfstatat(AT_FDCWD, "./105/binderfs", [pid 5868] <... close resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x30\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7081] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] unlink("./105/binderfs" [pid 5868] <... rmdir resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 5868] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] getdents64(3, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7081] <... futex resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./105/binderfs", [pid 7081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] close(3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7081] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] <... close resumed>) = 0 [pid 5868] unlink("./105/binderfs" [pid 7081] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5872] rmdir("./105" [pid 5868] <... unlink resumed>) = 0 [pid 7081] <... mprotect resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5868] getdents64(3, [pid 5872] mkdir("./106", 0777 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7081] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... mkdir resumed>) = 0 [pid 5868] close(3 [pid 7081] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] <... close resumed>) = 0 [pid 7081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5872] <... openat resumed>) = 3 [pid 5868] rmdir("./105"./strace-static-x86_64: Process 7082 attached [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5868] <... rmdir resumed>) = 0 [pid 7081] <... clone3 resumed> => {parent_tid=[228]}, 88) = 228 [pid 5872] <... ioctl resumed>) = 0 [pid 5868] mkdir("./106", 0777 [pid 7082] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7081] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] close(3 [pid 7082] <... rseq resumed>) = 0 [pid 7081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7082] set_robust_list(0x7f701fd149a0, 24 [pid 7081] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7082] <... set_robust_list resumed>) = 0 [pid 7082] rt_sigprocmask(SIG_SETMASK, [], [pid 7081] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7082] memfd_create("syzkaller", 0) = 3 [pid 5871] <... umount2 resumed>) = 0 [pid 7082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7082] <... mmap resumed>) = 0x7f7017800000 [pid 5871] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38"./strace-static-x86_64: Process 7083 attached ) = 0 [pid 5871] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./106/binderfs" [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7083] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 222 [pid 5871] <... unlink resumed>) = 0 [pid 7083] <... set_robust_list resumed>) = 0 [pid 5871] getdents64(3, ./strace-static-x86_64: Process 7084 attached [pid 7083] chdir("./106" [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7083] <... chdir resumed>) = 0 [pid 5871] close(3 [pid 7083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... close resumed>) = 0 [pid 7083] <... prctl resumed>) = 0 [pid 5871] rmdir("./106" [pid 7083] setpgid(0, 0 [pid 5871] <... rmdir resumed>) = 0 [pid 7084] set_robust_list(0x55557616a6a0, 24 [pid 7083] <... setpgid resumed>) = 0 [pid 5871] mkdir("./107", 0777 [pid 7084] <... set_robust_list resumed>) = 0 [pid 7083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... mkdir resumed>) = 0 [pid 7084] chdir("./106" [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 220 [pid 7084] <... chdir resumed>) = 0 [pid 7083] <... openat resumed>) = 3 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7083] write(3, "1000", 4 [pid 5871] <... openat resumed>) = 3 [pid 7084] <... prctl resumed>) = 0 [pid 7083] <... write resumed>) = 4 [pid 7084] setpgid(0, 0) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7083] close(3 [pid 5871] close(3 [pid 7084] <... openat resumed>) = 3 [pid 7083] <... close resumed>) = 0 executing program [pid 7083] symlink("/dev/binderfs", "./binderfs" [pid 7084] write(3, "1000", 4 [pid 7083] <... symlink resumed>) = 0 [pid 7084] <... write resumed>) = 4 [pid 7083] write(1, "executing program\n", 18 [pid 7084] close(3 [pid 7083] <... write resumed>) = 18 [pid 7084] <... close resumed>) = 0 [pid 7083] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7084] symlink("/dev/binderfs", "./binderfs" [pid 7083] <... futex resumed>) = 0 [pid 7084] <... symlink resumed>) = 0 [pid 7083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7083] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 executing program [pid 7084] write(1, "executing program\n", 18 [pid 7083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7084] <... write resumed>) = 18 [pid 7084] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7084] <... futex resumed>) = 0 [pid 7083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7083] <... clone3 resumed> => {parent_tid=[223]}, 88) = 223 ./strace-static-x86_64: Process 7085 attached [pid 7084] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7083] rt_sigprocmask(SIG_SETMASK, [], [pid 7084] <... mprotect resumed>) = 0 [pid 7083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7085] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7083] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... rseq resumed>) = 0 [pid 7084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7083] <... futex resumed>) = 0 [pid 7085] set_robust_list(0x7f701fd149a0, 24 [pid 7084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7083] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7085] <... set_robust_list resumed>) = 0 [pid 7085] rt_sigprocmask(SIG_SETMASK, [], [pid 7084] <... clone3 resumed> => {parent_tid=[221]}, 88) = 221 [pid 7085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7084] rt_sigprocmask(SIG_SETMASK, [], [pid 7085] memfd_create("syzkaller", 0 [pid 7084] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7086 attached [pid 7084] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7085] <... memfd_create resumed>) = 3 [pid 7084] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7086] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5871] <... close resumed>) = 0 [pid 7086] <... rseq resumed>) = 0 [pid 7086] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7086] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7087 attached [pid 7082] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 222 [pid 7087] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7087] chdir("./107") = 0 [pid 7087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7087] setpgid(0, 0) = 0 [pid 7086] memfd_create("syzkaller", 0) = 3 [pid 7087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 7086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7087] write(3, "1000", 4) = 4 [pid 7087] close(3) = 0 [pid 7087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7087] write(1, "executing program\n", 18) = 18 [pid 7087] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7086] <... mmap resumed>) = 0x7f7017800000 [pid 7087] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7085] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7088 attached => {parent_tid=[223]}, 88) = 223 [pid 7087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7087] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7087] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7088] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7088] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7088] memfd_create("syzkaller", 0) = 3 [pid 7088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7086] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7082] <... write resumed>) = 2097152 [pid 7082] munmap(0x7f7017800000, 138412032) = 0 [pid 7082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7082] ioctl(4, LOOP_SET_FD, 3 [pid 7088] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7085] <... write resumed>) = 2097152 [pid 7082] <... ioctl resumed>) = 0 [pid 7078] <... futex resumed>) = ? [pid 7082] close(3) = 0 [pid 7080] +++ killed by SIGSEGV (core dumped) +++ [pid 7078] +++ killed by SIGSEGV (core dumped) +++ [pid 7082] close(4 [pid 7085] munmap(0x7f7017800000, 138412032 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=220, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7082] <... close resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7082] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7086] <... write resumed>) = 2097152 [pid 7086] munmap(0x7f7017800000, 138412032 [pid 7082] <... mkdir resumed>) = 0 [pid 7082] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7086] <... munmap resumed>) = 0 [pid 7085] <... munmap resumed>) = 0 [pid 7088] <... write resumed>) = 2097152 [pid 7085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 456.367868][ T7082] loop1: detected capacity change from 0 to 4096 [pid 7085] ioctl(4, LOOP_SET_FD, 3 [pid 7088] munmap(0x7f7017800000, 138412032 [pid 7086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7086] ioctl(4, LOOP_SET_FD, 3 [pid 7088] <... munmap resumed>) = 0 [pid 7085] <... ioctl resumed>) = 0 [pid 7086] <... ioctl resumed>) = 0 [pid 7088] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7085] close(3 [pid 7088] <... openat resumed>) = 4 [pid 7085] <... close resumed>) = 0 [pid 7088] ioctl(4, LOOP_SET_FD, 3 [pid 7086] close(3 [pid 7085] close(4 [pid 7086] <... close resumed>) = 0 [pid 7085] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 7088] <... ioctl resumed>) = 0 [pid 7086] close(4 [pid 7085] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7086] <... close resumed>) = 0 [pid 7085] <... mkdir resumed>) = 0 [pid 7086] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7085] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7086] <... mkdir resumed>) = 0 [pid 7086] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7088] close(3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7088] <... close resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [ 456.425521][ T7085] loop4: detected capacity change from 0 to 4096 [ 456.438036][ T7086] loop0: detected capacity change from 0 to 4096 [ 456.461261][ T7088] loop3: detected capacity change from 0 to 4096 [pid 7088] close(4) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7088] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7088] <... mkdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7088] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./106/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./106") = 0 [pid 5869] mkdir("./107", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7082] <... mount resumed>) = 0 [pid 7082] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7082] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5869] <... close resumed>) = 0 [pid 7082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7089 attached [pid 7082] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 222 [pid 7089] set_robust_list(0x55557616a6a0, 24 [pid 7082] <... futex resumed>) = 1 [pid 7081] <... futex resumed>) = 0 [pid 7089] <... set_robust_list resumed>) = 0 [pid 7081] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] chdir("./107" [pid 7082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7081] <... futex resumed>) = 0 [pid 7089] <... chdir resumed>) = 0 [pid 7081] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7089] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7085] <... mount resumed>) = 0 [pid 7089] <... prctl resumed>) = 0 [pid 7089] setpgid(0, 0 [pid 7085] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7089] <... setpgid resumed>) = 0 [pid 7085] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7082] <... openat resumed>) = 4 [pid 7089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7085] <... chdir resumed>) = 0 [pid 7089] <... openat resumed>) = 3 [pid 7085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7082] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] write(3, "1000", 4 [pid 7085] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7082] <... futex resumed>) = 1 [pid 7081] <... futex resumed>) = 0 [pid 7089] <... write resumed>) = 4 [pid 7085] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7089] close(3 [pid 7085] <... futex resumed>) = 1 [pid 7083] <... futex resumed>) = 0 [pid 7089] <... close resumed>) = 0 [pid 7085] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7083] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] symlink("/dev/binderfs", "./binderfs" [pid 7085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7083] <... futex resumed>) = 0 [pid 7081] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... symlink resumed>) = 0 [pid 7085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7083] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7082] <... futex resumed>) = 0 [pid 7081] <... futex resumed>) = 1 [pid 7082] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7081] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7089] write(1, "executing program\n", 18 [pid 7082] <... openat resumed>) = 5 executing program [pid 7089] <... write resumed>) = 18 [pid 7089] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... futex resumed>) = 0 [pid 7082] <... futex resumed>) = 1 [pid 7089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7082] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7081] <... futex resumed>) = 0 [pid 7089] <... mmap resumed>) = 0x7f701fcf4000 [pid 7081] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7082] <... futex resumed>) = 0 [pid 7081] <... futex resumed>) = 1 [pid 7082] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7081] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7089] <... mprotect resumed>) = 0 [pid 7086] <... mount resumed>) = 0 [pid 7082] <... write resumed>) = 1116 [pid 7089] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7086] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7082] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... openat resumed>) = 3 [pid 7082] <... futex resumed>) = 1 [pid 7082] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7089] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7081] <... futex resumed>) = 0 [pid 7081] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7090 attached [pid 7086] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7085] <... openat resumed>) = 4 [pid 7082] <... futex resumed>) = 0 [pid 7081] <... futex resumed>) = 1 [pid 7081] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7089] <... clone3 resumed> => {parent_tid=[223]}, 88) = 223 [pid 7088] <... mount resumed>) = 0 [pid 7086] <... chdir resumed>) = 0 [pid 7085] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7090] <... rseq resumed>) = 0 [pid 7089] rt_sigprocmask(SIG_SETMASK, [], [pid 7086] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7088] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7085] <... futex resumed>) = 1 [pid 7090] set_robust_list(0x7f701fd149a0, 24 [pid 7088] <... openat resumed>) = 3 [pid 7086] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7085] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7083] <... futex resumed>) = 0 [pid 7082] <... mmap resumed>) = 0x200000000000 [pid 7090] <... set_robust_list resumed>) = 0 [pid 7089] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7086] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] rt_sigprocmask(SIG_SETMASK, [], [pid 7089] <... futex resumed>) = 0 [pid 7086] <... futex resumed>) = 1 [pid 7084] <... futex resumed>) = 0 [pid 7083] <... futex resumed>) = 1 [pid 7082] <... futex resumed>) = 1 [pid 7090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7089] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7086] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7084] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7082] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7090] memfd_create("syzkaller", 0 [pid 7088] <... chdir resumed>) = 0 [pid 7086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7085] <... futex resumed>) = 0 [pid 7084] <... futex resumed>) = 0 [pid 7081] <... futex resumed>) = 0 [pid 7088] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7085] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7081] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7081] <... futex resumed>) = 1 [pid 7085] <... openat resumed>) = 5 [pid 7088] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7085] <... futex resumed>) = 1 [pid 7083] <... futex resumed>) = 0 [pid 7082] <... futex resumed>) = 0 [pid 7084] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7082] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7085] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7083] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] <... futex resumed>) = 1 [pid 7087] <... futex resumed>) = 0 [pid 7085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7083] <... futex resumed>) = 0 [pid 7087] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7087] <... futex resumed>) = 0 [pid 7085] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7083] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] <... memfd_create resumed>) = 3 [pid 7086] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7082] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7085] <... write resumed>) = 1116 [pid 7082] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7087] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7085] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] <... futex resumed>) = 1 [pid 7081] <... futex resumed>) = 0 [pid 7090] <... mmap resumed>) = 0x7f7017800000 [pid 7085] <... futex resumed>) = 1 [pid 7083] <... futex resumed>) = 0 [pid 7082] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7081] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7081] <... futex resumed>) = 0 [pid 7081] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] <... openat resumed>) = 4 [pid 7086] <... openat resumed>) = 4 [pid 7085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7083] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7088] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7083] <... futex resumed>) = 0 [pid 7082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7088] <... futex resumed>) = 1 [pid 7087] <... futex resumed>) = 0 [pid 7088] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7087] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7087] <... futex resumed>) = 0 [pid 7085] <... mmap resumed>) = 0x200000000000 [pid 7083] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7087] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... futex resumed>) = 1 [pid 7088] <... openat resumed>) = 5 [pid 7085] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7084] <... futex resumed>) = 0 [pid 7084] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7085] <... futex resumed>) = 1 [pid 7084] <... futex resumed>) = 0 [pid 7083] <... futex resumed>) = 0 [pid 7084] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7085] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7083] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7083] <... futex resumed>) = 0 [pid 7086] <... openat resumed>) = 5 [pid 7083] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] <... futex resumed>) = 1 [pid 7087] <... futex resumed>) = 0 [pid 7086] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7087] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = 1 [pid 7085] <... futex resumed>) = 1 [pid 7084] <... futex resumed>) = 0 [pid 7083] <... futex resumed>) = 0 [pid 7086] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7085] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7084] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7084] <... futex resumed>) = 0 [pid 7083] <... futex resumed>) = 0 [pid 7085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7084] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7083] ???( [pid 7088] <... write resumed>) = 1116 [pid 7087] <... futex resumed>) = 0 [pid 7088] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] <... futex resumed>) = 0 [pid 7087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7088] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7087] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] <... mmap resumed>) = 0x200000000000 [pid 7087] <... futex resumed>) = 0 [pid 7088] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] <... futex resumed>) = 0 [pid 7087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7086] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7088] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7087] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... write resumed>) = 1116 [pid 7088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7087] <... futex resumed>) = 0 [pid 7086] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7087] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... futex resumed>) = 1 [pid 7084] <... futex resumed>) = 0 [pid 7088] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7084] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7088] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7087] <... futex resumed>) = 0 [pid 7086] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7084] <... futex resumed>) = 0 [pid 7088] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7087] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7084] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7087] <... futex resumed>) = 0 [pid 7088] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7087] ???( [pid 7086] <... mmap resumed>) = 0x200000000000 [pid 7086] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7084] <... futex resumed>) = 0 [pid 7086] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7084] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7086] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7084] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7086] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7084] <... futex resumed>) = 0 [pid 7086] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7084] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7084] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7086] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7090] <... write resumed>) = 2097152 [pid 7090] munmap(0x7f7017800000, 138412032) = 0 [pid 7090] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7090] close(3) = 0 [pid 7090] close(4) = 0 [pid 7090] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7090] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7083] <... ??? resumed>) = ? [ 456.976741][ T7090] loop2: detected capacity change from 0 to 4096 [pid 7085] +++ killed by SIGSEGV (core dumped) +++ [pid 7083] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=222, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5872] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7090] <... mount resumed>) = 0 [pid 7090] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7090] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7090] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7090] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, [pid 7090] <... futex resumed>) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7089] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7089] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7081] <... futex resumed>) = ? [pid 7082] +++ killed by SIGSEGV (core dumped) +++ [pid 7081] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=227, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7090] <... openat resumed>) = 4 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7090] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7090] <... futex resumed>) = 1 [pid 7089] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", [pid 7090] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7090] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7090] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7090] <... futex resumed>) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7090] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7090] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7090] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7089] <... futex resumed>) = 0 [pid 7089] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7089] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7087] <... ??? resumed>) = ? [pid 7088] +++ killed by SIGSEGV (core dumped) +++ [pid 7087] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=222, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5871] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", [pid 7084] <... futex resumed>) = ? [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7086] +++ killed by SIGSEGV (core dumped) +++ [pid 7084] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=220, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5872] <... openat resumed>) = 4 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5872] newfstatat(4, "", [pid 5868] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 5870] <... umount2 resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(4 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... close resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] rmdir("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] unlink("./106/binderfs" [pid 5870] <... openat resumed>) = 4 [pid 5872] <... unlink resumed>) = 0 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] getdents64(4, [pid 5872] close(3) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] rmdir("./106" [pid 5870] close(4 [pid 5872] <... rmdir resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5872] mkdir("./107", 0777 [pid 5870] rmdir("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... mkdir resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... openat resumed>) = 3 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5870] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5872] <... ioctl resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] close(3 [pid 5870] unlink("./106/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./106") = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5870] mkdir("./107", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] <... close resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3./strace-static-x86_64: Process 7091 attached [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7091] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 224 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] <... close resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7091] <... set_robust_list resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7091] chdir("./107" [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7091] <... chdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7091] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 7092 attached [pid 5871] <... openat resumed>) = 4 [pid 7091] <... prctl resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 229 [pid 7092] set_robust_list(0x55557616a6a0, 24 [pid 7091] setpgid(0, 0) = 0 [pid 5871] newfstatat(4, "", [pid 7092] <... set_robust_list resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7092] chdir("./107" [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7092] <... chdir resumed>) = 0 [pid 7092] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7091] <... openat resumed>) = 3 [pid 5871] getdents64(4, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7092] <... prctl resumed>) = 0 [pid 7091] write(3, "1000", 4 [pid 5871] getdents64(4, [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7092] setpgid(0, 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7092] <... setpgid resumed>) = 0 [pid 7091] <... write resumed>) = 4 [pid 5871] close(4 [pid 7092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7091] close(3 [pid 5871] <... close resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7091] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7092] <... openat resumed>) = 3 [pid 7091] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... rmdir resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 7092] write(3, "1000", 4 [pid 7091] <... symlink resumed>) = 0 [pid 5871] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] newfstatat(4, "", executing program [pid 7092] <... write resumed>) = 4 [pid 7091] write(1, "executing program\n", 18 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7092] close(3 [pid 7091] <... write resumed>) = 18 [pid 5871] newfstatat(AT_FDCWD, "./107/binderfs", [pid 5868] getdents64(4, [pid 7092] <... close resumed>) = 0 [pid 7091] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7092] symlink("/dev/binderfs", "./binderfs" [pid 7091] <... futex resumed>) = 0 [pid 5871] unlink("./107/binderfs" [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7092] <... symlink resumed>) = 0 [pid 7091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... unlink resumed>) = 0 [pid 5868] close(4 [pid 5871] getdents64(3, [pid 7091] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] <... close resumed>) = 0 [pid 7092] write(1, "executing program\n", 18executing program ) = 18 [pid 5871] close(3 [pid 5868] rmdir("\x2e\x2f\x31\x30\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./107" [pid 7092] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... rmdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7092] <... futex resumed>) = 0 [pid 5868] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7092] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] mkdir("./108", 0777 [pid 7092] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5868] newfstatat(AT_FDCWD, "./106/binderfs", [pid 7092] <... mprotect resumed>) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7092] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7091] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7091] <... mprotect resumed>) = 0 [pid 5871] <... ioctl resumed>) = 0 [pid 5868] unlink("./106/binderfs" [pid 7092] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] close(3 [pid 7092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7091] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 7093 attached [pid 7091] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7089] <... futex resumed>) = ? [pid 5868] getdents64(3, [pid 7091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7090] +++ killed by SIGSEGV (core dumped) +++ ./strace-static-x86_64: Process 7094 attached [pid 7093] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7092] <... clone3 resumed> => {parent_tid=[230]}, 88) = 230 [pid 7089] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7093] <... rseq resumed>) = 0 [pid 7092] rt_sigprocmask(SIG_SETMASK, [], [pid 7091] <... clone3 resumed> => {parent_tid=[225]}, 88) = 225 [pid 7093] set_robust_list(0x7f701fd149a0, 24 [pid 7092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7091] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] close(3 [pid 7094] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7093] <... set_robust_list resumed>) = 0 [pid 7092] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7094] <... rseq resumed>) = 0 [pid 7093] rt_sigprocmask(SIG_SETMASK, [], [pid 7091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... close resumed>) = 0 [pid 7094] set_robust_list(0x7f701fd149a0, 24 [pid 7093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7092] <... futex resumed>) = 0 [pid 5868] rmdir("./106" [pid 7091] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7094] <... set_robust_list resumed>) = 0 [pid 7093] memfd_create("syzkaller", 0 [pid 7092] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7091] <... futex resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=222, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [pid 5868] <... rmdir resumed>) = 0 [pid 7094] rt_sigprocmask(SIG_SETMASK, [], [pid 7091] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] mkdir("./107", 0777 [pid 7094] memfd_create("syzkaller", 0 [pid 7093] <... memfd_create resumed>) = 3 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] <... close resumed>) = 0 [pid 7094] <... memfd_create resumed>) = 3 [pid 7093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... openat resumed>) = 3 [pid 7094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 7095 attached [pid 7093] <... mmap resumed>) = 0x7f7017800000 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7094] <... mmap resumed>) = 0x7f7017800000 [pid 5868] <... ioctl resumed>) = 0 [pid 5869] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] close(3 [pid 5869] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7095] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... openat resumed>) = 3 [pid 7095] <... set_robust_list resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 224 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7095] chdir("./108") = 0 [pid 7095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7095] setpgid(0, 0) = 0 [pid 7095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7095] write(3, "1000", 4 [pid 7093] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7095] <... write resumed>) = 4 [pid 7095] close(3) = 0 [pid 7095] symlink("/dev/binderfs", "./binderfs" [pid 7094] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7095] <... symlink resumed>) = 0 [pid 7095] write(1, "executing program\n", 18executing program ) = 18 [pid 7095] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7095] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 7096 attached [pid 7095] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 222 [pid 7096] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7096] chdir("./107") = 0 [pid 7096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7096] setpgid(0, 0) = 0 [pid 7096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7096] write(3, "1000", 4) = 4 [pid 7096] close(3) = 0 [pid 7096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7095] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}executing program [pid 7096] write(1, "executing program\n", 18) = 18 [pid 7096] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7096] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7096] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 7097 attached [pid 7093] <... write resumed>) = 2097152 [pid 7095] <... clone3 resumed> => {parent_tid=[225]}, 88) = 225 [pid 7097] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7096] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7094] <... write resumed>) = 2097152 [pid 7096] <... clone3 resumed> => {parent_tid=[223]}, 88) = 223 [pid 7097] <... rseq resumed>) = 0 [pid 7096] rt_sigprocmask(SIG_SETMASK, [], [pid 7097] set_robust_list(0x7f701fd149a0, 24 [pid 7096] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7098 attached [pid 7097] <... set_robust_list resumed>) = 0 [pid 7096] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] munmap(0x7f7017800000, 138412032 [pid 7097] rt_sigprocmask(SIG_SETMASK, [], [pid 7096] <... futex resumed>) = 0 [pid 7097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7096] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7098] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7097] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... umount2 resumed>) = 0 [pid 7098] <... rseq resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7098] set_robust_list(0x7f701fd149a0, 24 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7098] <... set_robust_list resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7098] rt_sigprocmask(SIG_SETMASK, [], [pid 7095] rt_sigprocmask(SIG_SETMASK, [], [pid 7094] munmap(0x7f7017800000, 138412032 [pid 7093] <... munmap resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7098] memfd_create("syzkaller", 0 [pid 7095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... openat resumed>) = 4 [pid 7095] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7097] <... futex resumed>) = 0 [pid 7095] <... futex resumed>) = 1 [pid 7093] <... openat resumed>) = 4 [pid 7097] memfd_create("syzkaller", 0 [pid 7095] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7093] ioctl(4, LOOP_SET_FD, 3 [pid 7097] <... memfd_create resumed>) = 3 [pid 5869] newfstatat(4, "", [pid 7097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7098] <... memfd_create resumed>) = 3 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 7098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7098] <... mmap resumed>) = 0x7f7017800000 [pid 7094] <... munmap resumed>) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./107/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 7094] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... close resumed>) = 0 [pid 7094] <... openat resumed>) = 4 [pid 7094] ioctl(4, LOOP_SET_FD, 3 [pid 7093] <... ioctl resumed>) = 0 [pid 5869] rmdir("./107") = 0 [pid 5869] mkdir("./108", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7093] close(3) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3 [pid 7093] close(4) = 0 [pid 7093] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 457.740391][ T7093] loop1: detected capacity change from 0 to 4096 [ 457.759314][ T7094] loop4: detected capacity change from 0 to 4096 [pid 7093] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7094] <... ioctl resumed>) = 0 [pid 7094] close(3) = 0 [pid 7094] close(4) = 0 [pid 7094] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5869] <... close resumed>) = 0 [pid 7094] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7097] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7098] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 7099 attached [pid 7099] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 224 [pid 7099] chdir("./108") = 0 [pid 7099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7099] setpgid(0, 0) = 0 [pid 7099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7099] write(3, "1000", 4) = 4 [pid 7099] close(3) = 0 [pid 7099] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7099] write(1, "executing program\n", 18) = 18 [pid 7099] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7099] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7100 attached => {parent_tid=[225]}, 88) = 225 [pid 7099] rt_sigprocmask(SIG_SETMASK, [], [pid 7093] <... mount resumed>) = 0 [pid 7099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7093] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7099] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] <... openat resumed>) = 3 [pid 7099] <... futex resumed>) = 0 [pid 7099] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7093] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7100] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7093] <... chdir resumed>) = 0 [pid 7100] <... rseq resumed>) = 0 [pid 7093] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7100] set_robust_list(0x7f701fd149a0, 24 [pid 7093] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7093] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7092] <... futex resumed>) = 0 [pid 7100] <... set_robust_list resumed>) = 0 [pid 7093] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7092] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] rt_sigprocmask(SIG_SETMASK, [], [pid 7093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7092] <... futex resumed>) = 0 [pid 7100] memfd_create("syzkaller", 0 [pid 7093] <... openat resumed>) = 4 [pid 7092] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7093] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7092] <... futex resumed>) = 0 [pid 7093] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7092] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7093] <... openat resumed>) = 5 [pid 7092] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7093] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... memfd_create resumed>) = 3 [pid 7100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7093] <... futex resumed>) = 1 [pid 7093] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7092] <... futex resumed>) = 0 [pid 7097] <... write resumed>) = 2097152 [pid 7098] <... write resumed>) = 2097152 [pid 7092] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] munmap(0x7f7017800000, 138412032) = 0 [pid 7098] munmap(0x7f7017800000, 138412032 [pid 7092] <... futex resumed>) = 1 [pid 7093] <... futex resumed>) = 0 [pid 7092] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7093] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7093] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7092] <... futex resumed>) = 0 [pid 7093] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7092] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7093] <... futex resumed>) = 0 [pid 7092] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7093] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7098] <... munmap resumed>) = 0 [pid 7093] <... mmap resumed>) = 0x200000000000 [pid 7098] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7097] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7093] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] <... openat resumed>) = 4 [pid 7097] <... openat resumed>) = 4 [pid 7093] <... futex resumed>) = 1 [pid 7092] <... futex resumed>) = 0 [pid 7092] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7098] ioctl(4, LOOP_SET_FD, 3 [pid 7097] ioctl(4, LOOP_SET_FD, 3 [pid 7093] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7092] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7093] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7093] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7093] <... futex resumed>) = 1 [pid 7092] <... futex resumed>) = 0 [pid 7093] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7097] <... ioctl resumed>) = 0 [pid 7098] <... ioctl resumed>) = 0 [pid 7097] close(3 [pid 7098] close(3 [pid 7097] <... close resumed>) = 0 [pid 7098] <... close resumed>) = 0 [pid 7097] close(4 [pid 7098] close(4 [pid 7097] <... close resumed>) = 0 [pid 7098] <... close resumed>) = 0 [pid 7098] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7097] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7098] <... mkdir resumed>) = 0 [pid 7092] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... mkdir resumed>) = 0 [pid 7093] <... futex resumed>) = 0 [pid 7092] <... futex resumed>) = 1 [pid 7093] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7092] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 457.963729][ T7097] loop3: detected capacity change from 0 to 4096 [ 457.971993][ T7098] loop0: detected capacity change from 0 to 4096 [pid 7097] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7094] <... mount resumed>) = 0 [pid 7094] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7094] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7094] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7094] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7098] <... mount resumed>) = 0 [pid 7094] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7098] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7098] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7096] <... futex resumed>) = 0 [pid 7096] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7096] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7094] <... futex resumed>) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7094] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7091] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7094] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7094] <... openat resumed>) = 5 [pid 7094] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] <... write resumed>) = 2097152 [pid 7094] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7094] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7091] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] munmap(0x7f7017800000, 138412032 [pid 7094] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7094] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7091] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7094] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7091] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] <... openat resumed>) = 4 [pid 7094] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7100] <... munmap resumed>) = 0 [pid 7094] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7096] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7098] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7096] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] <... futex resumed>) = 0 [pid 7096] <... futex resumed>) = 0 [pid 7098] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 7096] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0}./strace-static-x86_64: Process 7101 attached [pid 7094] <... futex resumed>) = 1 [pid 7091] <... futex resumed>) = 0 [pid 7094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7091] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7096] <... clone3 resumed> => {parent_tid=[224]}, 88) = 224 [pid 7101] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7100] <... openat resumed>) = 4 [pid 7096] rt_sigprocmask(SIG_SETMASK, [], [pid 7101] <... rseq resumed>) = 0 [pid 7096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7101] set_robust_list(0x7f701fcf39a0, 24 [pid 7096] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7101] <... set_robust_list resumed>) = 0 [pid 7096] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7100] ioctl(4, LOOP_SET_FD, 3 [pid 7101] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7100] <... ioctl resumed>) = 0 [pid 7101] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7101] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7096] <... futex resumed>) = 0 [pid 7096] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7096] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] close(3 [pid 7098] <... futex resumed>) = 0 [pid 7098] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7098] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7096] <... futex resumed>) = 0 [pid 7096] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... close resumed>) = 0 [pid 7100] close(4) = 0 [pid 7096] <... futex resumed>) = 0 [pid 7096] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7098] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7100] <... mkdir resumed>) = 0 [pid 7098] <... mmap resumed>) = 0x200000000000 [pid 7098] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7098] <... futex resumed>) = 1 [pid 7096] <... futex resumed>) = 0 [pid 7096] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7096] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7098] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7096] <... futex resumed>) = 0 [pid 7096] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7096] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [ 458.181643][ T7100] loop2: detected capacity change from 0 to 4096 [pid 7097] <... mount resumed>) = 0 [pid 7097] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7097] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7097] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7097] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7095] <... futex resumed>) = 0 [pid 7097] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7095] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7095] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7095] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 7095] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} => {parent_tid=[226]}, 88) = 226 [pid 7095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7095] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7095] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7102 attached [pid 7102] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053) = 0 [pid 7097] <... openat resumed>) = 4 [pid 7102] set_robust_list(0x7f701fcf39a0, 24) = 0 [pid 7102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7102] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7097] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7102] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... futex resumed>) = 0 [pid 7097] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7102] <... futex resumed>) = 1 [pid 7095] <... futex resumed>) = 0 [pid 7102] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7095] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... futex resumed>) = 0 [pid 7095] <... futex resumed>) = 1 [pid 7097] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7095] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7097] <... write resumed>) = 1116 [pid 7097] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7095] <... futex resumed>) = 0 [pid 7095] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7095] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7097] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7097] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7097] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7095] <... futex resumed>) = 0 [pid 7095] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7097] <... futex resumed>) = 0 [pid 7097] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7097] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7097] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7095] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7095] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7097] <... futex resumed>) = 0 [pid 7095] <... futex resumed>) = 1 [pid 7097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7100] <... mount resumed>) = 0 [pid 7100] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7100] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7100] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7100] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7092] <... futex resumed>) = ? [pid 7100] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7099] <... futex resumed>) = 0 [pid 7099] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7100] <... futex resumed>) = 0 [pid 7100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7099] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] <... openat resumed>) = 4 [pid 7100] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] +++ killed by SIGSEGV (core dumped) +++ [pid 7092] +++ killed by SIGSEGV (core dumped) +++ [pid 7100] <... futex resumed>) = 1 [pid 7099] <... futex resumed>) = 0 [pid 7100] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7099] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7099] <... futex resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=229, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 7100] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7099] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7100] <... openat resumed>) = 5 [pid 5870] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7100] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", [pid 7100] <... futex resumed>) = 1 [pid 7099] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7100] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7099] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7100] <... write resumed>) = 1116 [pid 7099] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7099] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7100] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7099] <... futex resumed>) = 0 [pid 7100] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7099] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... mmap resumed>) = 0x200000000000 [pid 7100] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7099] <... futex resumed>) = 0 [pid 7100] <... futex resumed>) = 0 [pid 7099] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7099] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... futex resumed>) = 0 [pid 7099] <... futex resumed>) = 1 [pid 7100] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7099] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7100] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7099] <... futex resumed>) = 0 [pid 7100] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7099] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7099] <... futex resumed>) = ? [pid 7091] <... futex resumed>) = ? [pid 7094] +++ killed by SIGSEGV (core dumped) +++ [pid 7091] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=224, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5872] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7102] <... futex resumed>) = ? [pid 7102] +++ killed by SIGSEGV (core dumped) +++ [pid 7097] +++ killed by SIGSEGV (core dumped) +++ [pid 7095] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=224, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./107/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./107") = 0 [pid 5870] mkdir("./108", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7101] <... futex resumed>) = ? [pid 7096] <... futex resumed>) = ? [pid 7101] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... umount2 resumed>) = 0 [pid 7098] +++ killed by SIGSEGV (core dumped) +++ [pid 7096] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=222, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] <... restart_syscall resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] getdents64(4, [pid 5868] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 5868] <... openat resumed>) = 3 [pid 5870] <... close resumed>) = 0 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] rmdir("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... rmdir resumed>) = 0 [pid 5872] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./107/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./107") = 0 [pid 5872] mkdir("./108", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7103 attached , child_tidptr=0x55557616a690) = 231 [pid 7103] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7103] chdir("./108") = 0 [pid 7103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7103] setpgid(0, 0) = 0 [pid 5872] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 7103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7100] +++ killed by SIGSEGV (core dumped) +++ [pid 7099] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=224, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5869] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7103] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7103] write(3, "1000", 4 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", ./strace-static-x86_64: Process 7104 attached [pid 7103] <... write resumed>) = 4 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7103] close(3 [pid 7104] set_robust_list(0x55557616a6a0, 24 [pid 7103] <... close resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 226 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7104] <... set_robust_list resumed>) = 0 [pid 7103] symlink("/dev/binderfs", "./binderfs" [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7103] <... symlink resumed>) = 0 [pid 5871] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./108/binderfs", [pid 7104] chdir("./108"executing program [pid 7103] write(1, "executing program\n", 18 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7104] <... chdir resumed>) = 0 [pid 7103] <... write resumed>) = 18 [pid 5871] unlink("./108/binderfs" [pid 7104] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7103] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... unlink resumed>) = 0 [pid 7104] <... prctl resumed>) = 0 [pid 7103] <... futex resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7104] setpgid(0, 0 [pid 5871] close(3 [pid 7103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... close resumed>) = 0 [pid 7103] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] rmdir("./108" [pid 7103] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 7104] <... setpgid resumed>) = 0 [pid 7103] <... mprotect resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 7104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] mkdir("./109", 0777 [pid 7103] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] <... mkdir resumed>) = 0 [pid 7104] <... openat resumed>) = 3 [pid 7103] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7104] write(3, "1000", 4 [pid 5871] <... openat resumed>) = 3 [pid 7103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7104] <... write resumed>) = 4 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7104] close(3 [pid 7103] <... clone3 resumed> => {parent_tid=[232]}, 88) = 232 [pid 5871] close(3./strace-static-x86_64: Process 7105 attached [pid 7104] <... close resumed>) = 0 [pid 7103] rt_sigprocmask(SIG_SETMASK, [], [pid 7104] symlink("/dev/binderfs", "./binderfs" [pid 7105] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7105] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7104] <... symlink resumed>) = 0 [pid 7103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7103] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7104] write(1, "executing program\n", 18 [pid 7105] memfd_create("syzkaller", 0 [pid 7104] <... write resumed>) = 18 [pid 7103] <... futex resumed>) = 0 [pid 7105] <... memfd_create resumed>) = 3 [pid 7105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7103] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7104] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7104] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7104] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] <... close resumed>) = 0 [pid 7104] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7107 attached ./strace-static-x86_64: Process 7106 attached [pid 7104] <... clone3 resumed> => {parent_tid=[227]}, 88) = 227 [pid 5868] <... umount2 resumed>) = 0 [pid 7104] rt_sigprocmask(SIG_SETMASK, [], [pid 7106] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 227 [pid 7106] <... rseq resumed>) = 0 [pid 7104] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7106] set_robust_list(0x7f701fd149a0, 24 [pid 7104] <... futex resumed>) = 0 [pid 7106] <... set_robust_list resumed>) = 0 [pid 7104] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7106] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7107] set_robust_list(0x55557616a6a0, 24 [pid 7106] memfd_create("syzkaller", 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7107] <... set_robust_list resumed>) = 0 [pid 7106] <... memfd_create resumed>) = 3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7106] <... mmap resumed>) = 0x7f7017800000 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7107] chdir("./109" [pid 7105] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... openat resumed>) = 4 [pid 7107] <... chdir resumed>) = 0 [pid 7107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7107] setpgid(0, 0) = 0 [pid 7107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7107] write(3, "1000", 4 [pid 5868] newfstatat(4, "", [pid 7107] <... write resumed>) = 4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7107] close(3 [pid 5868] getdents64(4, [pid 7107] <... close resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 executing program [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7107] symlink("/dev/binderfs", "./binderfs" [pid 5868] close(4 [pid 7107] <... symlink resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7107] write(1, "executing program\n", 18 [pid 5868] rmdir("\x2e\x2f\x31\x30\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7107] <... write resumed>) = 18 [pid 7107] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7107] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7107] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7107] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7108 attached [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./107/binderfs" [pid 7107] <... clone3 resumed> => {parent_tid=[228]}, 88) = 228 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7108] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7107] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] <... rseq resumed>) = 0 [pid 7107] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] getdents64(3, [pid 7108] set_robust_list(0x7f701fd149a0, 24 [pid 5869] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7108] <... set_robust_list resumed>) = 0 [pid 5868] close(3 [pid 7108] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... close resumed>) = 0 [pid 7108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] rmdir("./107" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", [pid 7108] memfd_create("syzkaller", 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, [pid 5868] <... rmdir resumed>) = 0 [pid 7108] <... memfd_create resumed>) = 3 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] mkdir("./108", 0777 [pid 7108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 5868] <... mkdir resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7108] <... mmap resumed>) = 0x7f7017800000 [pid 5869] rmdir("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... rmdir resumed>) = 0 [pid 5869] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] <... openat resumed>) = 3 [pid 5869] newfstatat(AT_FDCWD, "./108/binderfs", [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./108/binderfs" [pid 5868] <... ioctl resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5868] close(3 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./108") = 0 [pid 5869] mkdir("./109", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 7105] <... write resumed>) = 2097152 [pid 5869] close(3 [pid 7105] munmap(0x7f7017800000, 138412032 [pid 7106] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7105] <... munmap resumed>) = 0 [pid 7105] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7105] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7105] <... ioctl resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7105] close(3 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7105] <... close resumed>) = 0 ./strace-static-x86_64: Process 7110 attached ./strace-static-x86_64: Process 7109 attached [pid 7108] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7106] <... write resumed>) = 2097152 [pid 7105] close(4) = 0 [pid 7105] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 459.240456][ T7105] loop1: detected capacity change from 0 to 4096 [pid 7110] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 225 [pid 7106] munmap(0x7f7017800000, 138412032 [pid 7110] <... set_robust_list resumed>) = 0 [pid 7109] set_robust_list(0x55557616a6a0, 24 [pid 7105] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7110] chdir("./108" [pid 7109] <... set_robust_list resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 226 [pid 7109] chdir("./109" [pid 7110] <... chdir resumed>) = 0 [pid 7110] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7109] <... chdir resumed>) = 0 [pid 7106] <... munmap resumed>) = 0 [pid 7110] <... prctl resumed>) = 0 [pid 7109] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7110] setpgid(0, 0 [pid 7109] <... prctl resumed>) = 0 [pid 7110] <... setpgid resumed>) = 0 [pid 7109] setpgid(0, 0 [pid 7110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7109] <... setpgid resumed>) = 0 [pid 7109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7109] <... openat resumed>) = 3 [pid 7106] <... openat resumed>) = 4 [pid 7110] <... openat resumed>) = 3 [pid 7109] write(3, "1000", 4 [pid 7106] ioctl(4, LOOP_SET_FD, 3 [pid 7110] write(3, "1000", 4 [pid 7109] <... write resumed>) = 4 [pid 7110] <... write resumed>) = 4 [pid 7109] close(3 [pid 7110] close(3 [pid 7109] <... close resumed>) = 0 [pid 7110] <... close resumed>) = 0 [pid 7109] symlink("/dev/binderfs", "./binderfs" [pid 7110] symlink("/dev/binderfs", "./binderfs" [pid 7109] <... symlink resumed>) = 0 [pid 7110] <... symlink resumed>) = 0 [pid 7109] write(1, "executing program\n", 18executing program executing program ) = 18 [pid 7110] write(1, "executing program\n", 18 [pid 7109] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... write resumed>) = 18 [pid 7109] <... futex resumed>) = 0 [pid 7110] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7110] <... futex resumed>) = 0 [pid 7109] <... mmap resumed>) = 0x7f701fcf4000 [pid 7110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7109] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7110] <... mmap resumed>) = 0x7f701fcf4000 [pid 7109] <... mprotect resumed>) = 0 [pid 7110] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7106] <... ioctl resumed>) = 0 [pid 7109] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7110] <... mprotect resumed>) = 0 [pid 7109] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7111 attached [pid 7110] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7106] close(3 [pid 7111] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7110] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7109] <... clone3 resumed> => {parent_tid=[227]}, 88) = 227 [pid 7111] <... rseq resumed>) = 0 [pid 7110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7111] set_robust_list(0x7f701fd149a0, 24 [pid 7109] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7112 attached [pid 7111] <... set_robust_list resumed>) = 0 [pid 7109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7106] <... close resumed>) = 0 [pid 7106] close(4) = 0 [pid 7112] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7111] rt_sigprocmask(SIG_SETMASK, [], [pid 7110] <... clone3 resumed> => {parent_tid=[226]}, 88) = 226 [pid 7109] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7106] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7112] <... rseq resumed>) = 0 [pid 7111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7110] rt_sigprocmask(SIG_SETMASK, [], [pid 7109] <... futex resumed>) = 0 [pid 7108] <... write resumed>) = 2097152 [pid 7106] <... mkdir resumed>) = 0 [pid 7112] set_robust_list(0x7f701fd149a0, 24 [pid 7111] memfd_create("syzkaller", 0 [pid 7110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7109] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7108] munmap(0x7f7017800000, 138412032 [ 459.328786][ T7106] loop4: detected capacity change from 0 to 4096 [pid 7106] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7112] <... set_robust_list resumed>) = 0 [pid 7110] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7112] rt_sigprocmask(SIG_SETMASK, [], [pid 7110] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7112] memfd_create("syzkaller", 0 [pid 7111] <... memfd_create resumed>) = 3 [pid 7111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7112] <... memfd_create resumed>) = 3 [pid 7111] <... mmap resumed>) = 0x7f7017800000 [pid 7108] <... munmap resumed>) = 0 [pid 7112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7108] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7112] <... mmap resumed>) = 0x7f7017800000 [pid 7108] <... openat resumed>) = 4 [pid 7108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7108] close(3) = 0 [pid 7108] close(4) = 0 [pid 7108] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 459.418300][ T7108] loop3: detected capacity change from 0 to 4096 [pid 7108] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7112] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7111] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7106] <... mount resumed>) = 0 [pid 7106] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7106] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7106] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7106] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7104] <... futex resumed>) = 0 [pid 7106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7104] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7104] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7106] <... openat resumed>) = 4 [pid 7105] <... mount resumed>) = 0 [pid 7106] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7105] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7104] <... futex resumed>) = 0 [pid 7106] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7104] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] <... openat resumed>) = 3 [pid 7104] <... futex resumed>) = 0 [pid 7105] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7104] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7105] <... chdir resumed>) = 0 [pid 7105] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7105] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7103] <... futex resumed>) = 0 [pid 7105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7103] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7103] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7106] <... openat resumed>) = 5 [pid 7111] <... write resumed>) = 2097152 [pid 7106] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... write resumed>) = 2097152 [pid 7111] munmap(0x7f7017800000, 138412032 [pid 7106] <... futex resumed>) = 1 [pid 7105] <... openat resumed>) = 4 [pid 7104] <... futex resumed>) = 0 [pid 7104] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7104] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7106] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7105] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] munmap(0x7f7017800000, 138412032 [pid 7106] <... write resumed>) = 1116 [pid 7105] <... futex resumed>) = 1 [pid 7103] <... futex resumed>) = 0 [pid 7105] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7103] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] <... openat resumed>) = 5 [pid 7103] <... futex resumed>) = 0 [pid 7103] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7106] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7104] <... futex resumed>) = 0 [pid 7111] <... munmap resumed>) = 0 [pid 7106] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7104] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7112] <... munmap resumed>) = 0 [pid 7111] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7106] <... mmap resumed>) = 0x200000000000 [pid 7105] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7104] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7105] <... futex resumed>) = 1 [pid 7105] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7103] <... futex resumed>) = 0 [pid 7106] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7111] <... openat resumed>) = 4 [pid 7103] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7104] <... futex resumed>) = 0 [pid 7106] <... futex resumed>) = 1 [pid 7112] <... openat resumed>) = 4 [pid 7111] ioctl(4, LOOP_SET_FD, 3 [pid 7105] <... futex resumed>) = 0 [pid 7104] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 1 [pid 7105] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7105] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7105] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7108] <... mount resumed>) = 0 [pid 7108] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7108] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7106] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7104] <... futex resumed>) = 0 [pid 7103] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7106] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7104] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7108] <... chdir resumed>) = 0 [pid 7106] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7108] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7108] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] <... futex resumed>) = 0 [pid 7107] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7107] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7108] <... futex resumed>) = 1 [pid 7112] ioctl(4, LOOP_SET_FD, 3 [pid 7106] <... futex resumed>) = 1 [pid 7105] <... futex resumed>) = 0 [pid 7104] <... futex resumed>) = 0 [pid 7103] <... futex resumed>) = 1 [pid 7108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7106] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7105] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7104] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7105] <... mmap resumed>) = 0x200000000000 [pid 7104] <... futex resumed>) = 0 [pid 7105] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] <... ioctl resumed>) = 0 [pid 7105] <... futex resumed>) = 1 [pid 7104] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7105] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7103] <... futex resumed>) = 0 [pid 7111] close(3 [pid 7108] <... openat resumed>) = 4 [pid 7111] <... close resumed>) = 0 [pid 7108] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] close(4 [pid 7108] <... futex resumed>) = 1 [pid 7107] <... futex resumed>) = 0 [pid 7103] <... futex resumed>) = 1 [pid 7112] <... ioctl resumed>) = 0 [pid 7111] <... close resumed>) = 0 [pid 7107] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7111] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7107] <... futex resumed>) = 0 [pid 7112] close(3 [pid 7111] <... mkdir resumed>) = 0 [pid 7108] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7107] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7105] <... futex resumed>) = 0 [pid 7108] <... openat resumed>) = 5 [pid 7105] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7105] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... close resumed>) = 0 [pid 7111] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7108] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] <... futex resumed>) = 1 [pid 7103] <... futex resumed>) = 0 [pid 7112] close(4 [pid 7108] <... futex resumed>) = 1 [pid 7107] <... futex resumed>) = 0 [pid 7105] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7107] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7108] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7107] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7103] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... close resumed>) = 0 [pid 7108] <... write resumed>) = 1116 [pid 7112] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7108] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] <... futex resumed>) = 0 [pid 7103] <... futex resumed>) = 1 [pid 7108] <... futex resumed>) = 1 [pid 7107] <... futex resumed>) = 0 [pid 7105] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7103] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7112] <... mkdir resumed>) = 0 [pid 7107] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7107] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7112] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7108] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [ 459.619533][ T7111] loop2: detected capacity change from 0 to 4096 [ 459.642867][ T7112] loop0: detected capacity change from 0 to 4096 [pid 7108] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7107] <... futex resumed>) = 0 [pid 7107] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7107] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7108] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7108] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7107] <... futex resumed>) = 0 [pid 7108] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7107] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] <... mount resumed>) = 0 [pid 7111] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7111] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7111] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7111] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7109] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7112] <... mount resumed>) = 0 [pid 7111] <... openat resumed>) = 4 [pid 7112] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7111] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7111] <... futex resumed>) = 1 [pid 7109] <... futex resumed>) = 0 [pid 7111] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7112] <... chdir resumed>) = 0 [pid 7109] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] <... futex resumed>) = 0 [pid 7109] <... futex resumed>) = 1 [pid 7112] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7111] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7112] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7112] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7111] <... openat resumed>) = 5 [pid 7112] <... futex resumed>) = 1 [pid 7111] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7112] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7109] <... futex resumed>) = 0 [pid 7111] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7110] <... futex resumed>) = 0 [pid 7109] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7111] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7111] <... write resumed>) = 1116 [pid 7110] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... futex resumed>) = 0 [pid 7111] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = 1 [pid 7112] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7111] <... futex resumed>) = 1 [pid 7110] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7109] <... futex resumed>) = 0 [pid 7109] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7109] <... futex resumed>) = 0 [pid 7112] <... openat resumed>) = 4 [pid 7111] <... mmap resumed>) = 0x200000000000 [pid 7109] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7112] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... futex resumed>) = 1 [pid 7111] <... futex resumed>) = 1 [pid 7110] <... futex resumed>) = 0 [pid 7109] <... futex resumed>) = 0 [pid 7112] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7111] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7110] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... futex resumed>) = 0 [pid 7111] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7109] <... futex resumed>) = 0 [pid 7112] <... openat resumed>) = 5 [pid 7111] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7109] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7112] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] <... futex resumed>) = 0 [pid 7109] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... futex resumed>) = 1 [pid 7110] <... futex resumed>) = 0 [pid 7111] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7110] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... futex resumed>) = ? [pid 7110] <... futex resumed>) = 0 [pid 7110] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7112] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7112] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7110] <... futex resumed>) = 0 [pid 7112] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7110] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] <... mmap resumed>) = 0x200000000000 [pid 7110] <... futex resumed>) = 0 [pid 7112] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7104] <... futex resumed>) = ? [pid 7110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7112] <... futex resumed>) = 0 [pid 7110] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7110] <... futex resumed>) = 0 [pid 7112] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7110] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7112] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7110] <... futex resumed>) = 0 [pid 7112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7110] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = ? [pid 7106] +++ killed by SIGSEGV (core dumped) +++ [pid 7104] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=226, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 7107] <... futex resumed>) = ? [pid 7105] +++ killed by SIGSEGV (core dumped) +++ [pid 7103] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=231, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5872] <... restart_syscall resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7108] +++ killed by SIGSEGV (core dumped) +++ [pid 7107] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=227, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5870] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... openat resumed>) = 3 [pid 5870] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", [pid 5870] newfstatat(3, "", [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, [pid 5870] getdents64(3, [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] newfstatat(4, "", [pid 5870] getdents64(4, [pid 5872] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] getdents64(4, [pid 5870] getdents64(4, [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4 [pid 5871] getdents64(4, [pid 5870] <... close resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] close(4 [pid 5870] <... rmdir resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... close resumed>) = 0 [pid 5870] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] rmdir("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./109/binderfs", [pid 5870] newfstatat(AT_FDCWD, "./108/binderfs", [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5871] unlink("./109/binderfs" [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] newfstatat(4, "", [pid 5870] unlink("./108/binderfs" [pid 5871] <... unlink resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 5870] <... unlink resumed>) = 0 [pid 5872] getdents64(4, [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] getdents64(3, [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] getdents64(4, [pid 5871] close(3) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 5872] close(4 [pid 5871] rmdir("./109" [pid 5870] <... close resumed>) = 0 [pid 7111] +++ killed by SIGSEGV (core dumped) +++ [pid 7109] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... close resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5870] rmdir("./108" [pid 5872] rmdir("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] mkdir("./110", 0777 [pid 5870] <... rmdir resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=226, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5870] mkdir("./109", 0777 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5871] <... mkdir resumed>) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5871] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5872] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... ioctl resumed>) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 7110] <... futex resumed>) = ? [pid 5872] newfstatat(AT_FDCWD, "./108/binderfs", [pid 5871] close(3 [pid 5869] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./108/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./108") = 0 [pid 5872] mkdir("./109", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 5871] <... close resumed>) = 0 [pid 7112] +++ killed by SIGSEGV (core dumped) +++ [pid 7110] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=225, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 5868] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7113 attached [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 233 ./strace-static-x86_64: Process 7114 attached [pid 7113] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7113] chdir("./109") = 0 [pid 7113] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7114] set_robust_list(0x55557616a6a0, 24 [pid 7113] <... prctl resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 229 [pid 7113] setpgid(0, 0) = 0 [pid 7113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7113] write(3, "1000", 4) = 4 [pid 7113] close(3) = 0 [pid 7114] <... set_robust_list resumed>) = 0 [pid 7113] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7113] write(1, "executing program\n", 18 [pid 7114] chdir("./110" [pid 7113] <... write resumed>) = 18 [pid 7113] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7114] <... chdir resumed>) = 0 [pid 7113] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7114] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7113] <... mprotect resumed>) = 0 [pid 7114] <... prctl resumed>) = 0 [pid 7114] setpgid(0, 0 [pid 7113] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7114] <... setpgid resumed>) = 0 [pid 7113] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... close resumed>) = 0 [pid 7114] <... openat resumed>) = 3 [pid 7114] write(3, "1000", 4 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[234]}, 88) = 234 [pid 7113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7113] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7113] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7115 attached [pid 7114] <... write resumed>) = 4 ./strace-static-x86_64: Process 7116 attached [pid 7116] set_robust_list(0x55557616a6a0, 24 [pid 7114] close(3 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 228 [pid 7115] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7114] <... close resumed>) = 0 [pid 7116] <... set_robust_list resumed>) = 0 [pid 7114] symlink("/dev/binderfs", "./binderfs" [pid 7115] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 executing program [pid 7115] memfd_create("syzkaller", 0 [pid 7116] chdir("./109" [pid 7114] <... symlink resumed>) = 0 [pid 7116] <... chdir resumed>) = 0 [pid 7114] write(1, "executing program\n", 18) = 18 [pid 7114] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7115] <... memfd_create resumed>) = 3 [pid 7115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7116] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7114] <... mmap resumed>) = 0x7f701fcf4000 [pid 7114] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7116] <... prctl resumed>) = 0 [pid 7114] <... mprotect resumed>) = 0 [pid 7116] setpgid(0, 0 [pid 7114] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] <... umount2 resumed>) = 0 [pid 7116] <... setpgid resumed>) = 0 [pid 7114] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7116] <... openat resumed>) = 3 [pid 5868] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7116] write(3, "1000", 4 [pid 7114] <... clone3 resumed> => {parent_tid=[230]}, 88) = 230 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7117 attached [pid 7117] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7117] <... rseq resumed>) = 0 [pid 7116] <... write resumed>) = 4 [pid 7114] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7116] close(3 [pid 7114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7116] <... close resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7114] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7114] <... futex resumed>) = 0 [pid 7117] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 5868] <... openat resumed>) = 4 [pid 7117] rt_sigprocmask(SIG_SETMASK, [], [pid 7114] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7116] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... umount2 resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 7116] <... symlink resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7116] write(1, "executing program\n", 18) = 18 [pid 5868] getdents64(4, [pid 7117] memfd_create("syzkaller", 0 [pid 7116] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7117] <... memfd_create resumed>) = 3 [pid 7117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] getdents64(4, [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7117] <... mmap resumed>) = 0x7f7017800000 [pid 7116] <... futex resumed>) = 0 [pid 7115] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] close(4 [pid 7116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] <... close resumed>) = 0 [pid 7116] <... mmap resumed>) = 0x7f701fcf4000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x30\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7116] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... rmdir resumed>) = 0 [pid 5869] <... openat resumed>) = 4 [pid 5868] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(4, "", [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] newfstatat(AT_FDCWD, "./108/binderfs", [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7116] <... mprotect resumed>) = 0 [pid 5869] getdents64(4, [pid 5868] unlink("./108/binderfs" [pid 7116] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5869] close(4 [pid 7116] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] getdents64(3, [pid 5869] <... close resumed>) = 0 [pid 7116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] rmdir("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 7118 attached [pid 5869] <... rmdir resumed>) = 0 [pid 5868] close(3) = 0 [pid 5869] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] rmdir("./108" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7116] <... clone3 resumed> => {parent_tid=[229]}, 88) = 229 [pid 5869] newfstatat(AT_FDCWD, "./109/binderfs", [pid 5868] <... rmdir resumed>) = 0 [pid 7116] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] mkdir("./109", 0777 [pid 7116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7118] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5869] unlink("./109/binderfs" [pid 7118] <... rseq resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 7116] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... mkdir resumed>) = 0 [pid 7118] set_robust_list(0x7f701fd149a0, 24 [pid 7116] <... futex resumed>) = 0 [pid 5869] getdents64(3, [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7116] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] <... openat resumed>) = 3 [pid 5869] close(3) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] rmdir("./109") = 0 [pid 5869] mkdir("./110", 0777) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7118] <... set_robust_list resumed>) = 0 [pid 5868] close(3 [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7118] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... ioctl resumed>) = 0 [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] close(3 [pid 7118] memfd_create("syzkaller", 0) = 3 [pid 7118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7117] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7115] <... write resumed>) = 2097152 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7119 attached [pid 7119] set_robust_list(0x55557616a6a0, 24./strace-static-x86_64: Process 7120 attached [pid 7118] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7115] munmap(0x7f7017800000, 138412032 [pid 7120] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 227 [pid 7120] <... set_robust_list resumed>) = 0 [pid 7120] chdir("./110" [pid 7119] <... set_robust_list resumed>) = 0 [pid 7120] <... chdir resumed>) = 0 [pid 7119] chdir("./109" [pid 7120] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7119] <... chdir resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 228 [pid 7120] <... prctl resumed>) = 0 [pid 7119] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7120] setpgid(0, 0 [pid 7119] <... prctl resumed>) = 0 [pid 7115] <... munmap resumed>) = 0 [pid 7115] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7115] ioctl(4, LOOP_SET_FD, 3 [pid 7119] setpgid(0, 0 [pid 7120] <... setpgid resumed>) = 0 [pid 7120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7119] <... setpgid resumed>) = 0 [pid 7120] <... openat resumed>) = 3 [pid 7119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7117] <... write resumed>) = 2097152 [pid 7120] write(3, "1000", 4 [pid 7119] <... openat resumed>) = 3 [pid 7117] munmap(0x7f7017800000, 138412032 [pid 7115] <... ioctl resumed>) = 0 [pid 7120] <... write resumed>) = 4 [pid 7119] write(3, "1000", 4 [pid 7117] <... munmap resumed>) = 0 [pid 7115] close(3) = 0 [pid 7120] close(3 [pid 7119] <... write resumed>) = 4 [pid 7120] <... close resumed>) = 0 [pid 7115] close(4 [pid 7119] close(3 [pid 7120] symlink("/dev/binderfs", "./binderfs" [pid 7119] <... close resumed>) = 0 [pid 7115] <... close resumed>) = 0 executing program executing program [pid 7120] <... symlink resumed>) = 0 [pid 7119] symlink("/dev/binderfs", "./binderfs" [pid 7117] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7115] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7119] <... symlink resumed>) = 0 [pid 7115] <... mkdir resumed>) = 0 [pid 7120] write(1, "executing program\n", 18 [pid 7119] write(1, "executing program\n", 18 [pid 7120] <... write resumed>) = 18 [pid 7119] <... write resumed>) = 18 [pid 7115] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7120] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] <... futex resumed>) = 0 [pid 7119] <... futex resumed>) = 0 [pid 7117] <... openat resumed>) = 4 [pid 7120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7120] <... mmap resumed>) = 0x7f701fcf4000 [ 460.605130][ T7115] loop1: detected capacity change from 0 to 4096 [pid 7119] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7120] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7119] <... mprotect resumed>) = 0 [pid 7117] ioctl(4, LOOP_SET_FD, 3 [pid 7120] <... mprotect resumed>) = 0 [pid 7119] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7120] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7119] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7118] <... write resumed>) = 2097152 [pid 7120] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7118] munmap(0x7f7017800000, 138412032./strace-static-x86_64: Process 7121 attached [pid 7120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7122 attached [pid 7118] <... munmap resumed>) = 0 [pid 7121] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7119] <... clone3 resumed> => {parent_tid=[228]}, 88) = 228 [pid 7121] <... rseq resumed>) = 0 [pid 7120] <... clone3 resumed> => {parent_tid=[229]}, 88) = 229 [pid 7119] rt_sigprocmask(SIG_SETMASK, [], [pid 7121] set_robust_list(0x7f701fd149a0, 24 [pid 7120] rt_sigprocmask(SIG_SETMASK, [], [pid 7119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7122] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7121] <... set_robust_list resumed>) = 0 [pid 7119] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7122] <... rseq resumed>) = 0 [pid 7118] <... openat resumed>) = 4 [pid 7121] rt_sigprocmask(SIG_SETMASK, [], [pid 7119] <... futex resumed>) = 0 [pid 7122] set_robust_list(0x7f701fd149a0, 24 [pid 7120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7119] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7118] ioctl(4, LOOP_SET_FD, 3 [pid 7122] <... set_robust_list resumed>) = 0 [pid 7121] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 460.664800][ T7117] loop3: detected capacity change from 0 to 4096 [pid 7120] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7121] memfd_create("syzkaller", 0 [pid 7120] <... futex resumed>) = 0 [pid 7122] memfd_create("syzkaller", 0 [pid 7120] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7121] <... memfd_create resumed>) = 3 [pid 7122] <... memfd_create resumed>) = 3 [pid 7117] <... ioctl resumed>) = 0 [pid 7122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7117] close(3 [pid 7122] <... mmap resumed>) = 0x7f7017800000 [pid 7117] <... close resumed>) = 0 [pid 7121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7117] close(4 [pid 7121] <... mmap resumed>) = 0x7f7017800000 [pid 7117] <... close resumed>) = 0 [pid 7117] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7117] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7118] <... ioctl resumed>) = 0 [pid 7118] close(3) = 0 [ 460.706872][ T7118] loop4: detected capacity change from 0 to 4096 [pid 7118] close(4) = 0 [pid 7118] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7118] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7115] <... mount resumed>) = 0 [pid 7115] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7115] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7115] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7115] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7113] <... futex resumed>) = 0 [pid 7115] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7113] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7113] <... futex resumed>) = 0 [pid 7122] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7113] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7115] <... openat resumed>) = 4 [pid 7115] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7113] <... futex resumed>) = 0 [pid 7115] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7113] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7113] <... futex resumed>) = 0 [pid 7115] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7113] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7115] <... openat resumed>) = 5 [pid 7115] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7115] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7113] <... futex resumed>) = 0 [pid 7113] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... futex resumed>) = 0 [pid 7113] <... futex resumed>) = 1 [pid 7115] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7113] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7115] <... write resumed>) = 1116 [pid 7115] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7113] <... futex resumed>) = 0 [pid 7113] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7117] <... mount resumed>) = 0 [pid 7115] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7113] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7117] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7115] <... mmap resumed>) = 0x200000000000 [pid 7117] <... openat resumed>) = 3 [pid 7115] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7113] <... futex resumed>) = 0 [pid 7113] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... write resumed>) = 2097152 [pid 7117] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7115] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7113] <... futex resumed>) = 0 [pid 7121] munmap(0x7f7017800000, 138412032 [pid 7117] <... chdir resumed>) = 0 [pid 7115] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7113] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7115] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7115] <... futex resumed>) = 0 [pid 7113] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7113] <... futex resumed>) = 0 [pid 7117] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7117] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7114] <... futex resumed>) = 0 [pid 7117] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7114] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7114] <... futex resumed>) = 0 [pid 7117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7114] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7117] <... openat resumed>) = 4 [pid 7118] <... mount resumed>) = 0 [pid 7117] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7114] <... futex resumed>) = 0 [pid 7114] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7114] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] <... write resumed>) = 2097152 [pid 7118] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7117] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7118] <... openat resumed>) = 3 [pid 7121] <... munmap resumed>) = 0 [pid 7118] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7118] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7122] munmap(0x7f7017800000, 138412032 [pid 7118] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7117] <... openat resumed>) = 5 [pid 7118] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... futex resumed>) = 1 [pid 7117] <... futex resumed>) = 1 [pid 7116] <... futex resumed>) = 0 [pid 7114] <... futex resumed>) = 0 [pid 7121] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7117] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7116] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7114] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] <... write resumed>) = 1116 [pid 7116] <... futex resumed>) = 0 [pid 7117] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7116] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7114] <... futex resumed>) = 0 [pid 7117] <... futex resumed>) = 0 [pid 7114] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7117] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7121] <... openat resumed>) = 4 [pid 7121] ioctl(4, LOOP_SET_FD, 3 [pid 7114] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] <... futex resumed>) = 0 [pid 7114] <... futex resumed>) = 1 [pid 7117] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7114] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] <... ioctl resumed>) = 0 [pid 7117] <... mmap resumed>) = 0x200000000000 [pid 7122] <... munmap resumed>) = 0 [pid 7122] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7117] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7114] <... futex resumed>) = 0 [pid 7114] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] close(3 [pid 7117] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7114] <... futex resumed>) = 0 [pid 7122] ioctl(4, LOOP_SET_FD, 3 [pid 7117] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7114] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] <... ioctl resumed>) = 0 [pid 7121] <... close resumed>) = 0 [pid 7121] close(4 [pid 7117] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7117] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7114] <... futex resumed>) = 0 [pid 7121] <... close resumed>) = 0 [pid 7117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7114] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7117] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7114] <... futex resumed>) = 0 [pid 7121] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7118] <... openat resumed>) = 4 [pid 7116] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7121] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7116] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7116] <... futex resumed>) = 0 [pid 7118] <... futex resumed>) = 0 [pid 7116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7118] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7116] <... mmap resumed>) = 0x7f701fcd3000 [pid 7116] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0}./strace-static-x86_64: Process 7123 attached => {parent_tid=[230]}, 88) = 230 [ 460.958404][ T7121] loop0: detected capacity change from 0 to 4096 [ 460.969556][ T7122] loop2: detected capacity change from 0 to 4096 [pid 7116] rt_sigprocmask(SIG_SETMASK, [], [pid 7123] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7123] <... rseq resumed>) = 0 [pid 7116] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7123] set_robust_list(0x7f701fcf39a0, 24 [pid 7116] <... futex resumed>) = 0 [pid 7123] <... set_robust_list resumed>) = 0 [pid 7116] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7123] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7122] close(3) = 0 [pid 7122] close(4) = 0 [pid 7122] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7123] <... openat resumed>) = 5 [pid 7122] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7123] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7116] <... futex resumed>) = 0 [pid 7116] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... futex resumed>) = 0 [pid 7116] <... futex resumed>) = 1 [pid 7118] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7116] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7123] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7118] <... write resumed>) = 1116 [pid 7118] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7116] <... futex resumed>) = 0 [pid 7118] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7116] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7116] <... futex resumed>) = 0 [pid 7116] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7118] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7118] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7116] <... futex resumed>) = 0 [pid 7118] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7116] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7118] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7116] <... futex resumed>) = 0 [pid 7118] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7116] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7118] <... futex resumed>) = 0 [pid 7116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7118] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7116] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... mount resumed>) = 0 [pid 7121] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7121] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7121] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7119] <... futex resumed>) = 0 [pid 7121] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7119] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7119] <... futex resumed>) = 0 [pid 7121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7119] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] <... openat resumed>) = 4 [pid 7119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7119] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 7119] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE [pid 7121] <... futex resumed>) = 0 [pid 7121] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7119] <... mprotect resumed>) = 0 [pid 7119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0}./strace-static-x86_64: Process 7124 attached [pid 7122] <... mount resumed>) = 0 [pid 7119] <... clone3 resumed> => {parent_tid=[229]}, 88) = 229 [pid 7119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7122] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7119] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] <... openat resumed>) = 3 [pid 7119] <... futex resumed>) = 0 [pid 7122] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7119] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] <... chdir resumed>) = 0 [pid 7124] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7122] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7124] <... rseq resumed>) = 0 [pid 7124] set_robust_list(0x7f701fcf39a0, 24) = 0 [pid 7124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7124] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7122] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7122] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... openat resumed>) = 5 [pid 7122] <... futex resumed>) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7122] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7120] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7124] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7120] <... futex resumed>) = 0 [pid 7119] <... futex resumed>) = 0 [pid 7120] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7119] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7121] <... futex resumed>) = 0 [pid 7119] <... futex resumed>) = 1 [pid 7119] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7121] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7119] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7121] <... futex resumed>) = 0 [pid 7121] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7119] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7119] <... futex resumed>) = 0 [pid 7119] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7119] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7121] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7119] <... futex resumed>) = 0 [pid 7119] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7119] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7121] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7122] <... openat resumed>) = 4 [pid 7122] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7122] <... futex resumed>) = 0 [pid 7120] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7120] <... futex resumed>) = 0 [pid 7122] <... openat resumed>) = 5 [pid 7120] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7122] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7120] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7122] <... write resumed>) = 1116 [pid 7120] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7115] +++ killed by SIGSEGV (core dumped) +++ [pid 7113] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=233, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7122] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7122] <... futex resumed>) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7120] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7122] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7120] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7117] +++ killed by SIGSEGV (core dumped) +++ [pid 7114] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=229, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 7122] <... mmap resumed>) = 0x200000000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7122] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7122] <... futex resumed>) = 1 [pid 7120] <... futex resumed>) = 0 [pid 7120] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 7122] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7120] <... futex resumed>) = 0 [pid 7122] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7120] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7122] <... futex resumed>) = 0 [pid 7120] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7120] <... futex resumed>) = 0 [pid 5871] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] newfstatat(3, "", [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 5870] getdents64(3, [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7123] <... futex resumed>) = ? [pid 7123] +++ killed by SIGSEGV (core dumped) +++ [pid 7116] <... futex resumed>) = ? [pid 7118] +++ killed by SIGSEGV (core dumped) +++ [pid 7116] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=228, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... umount2 resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./109/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./109" [pid 5871] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5871] unlink("./110/binderfs" [pid 5870] mkdir("./110", 0777 [pid 5871] <... unlink resumed>) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./110") = 0 [pid 5871] mkdir("./111", 0777) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 5871] close(3 [pid 7122] +++ killed by SIGSEGV (core dumped) +++ [pid 7120] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... umount2 resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=228, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5869] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7124] <... futex resumed>) = ? [pid 5872] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7124] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... openat resumed>) = 3 [pid 7121] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] newfstatat(3, "", [pid 7119] <... futex resumed>) = ? [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7119] +++ killed by SIGSEGV (core dumped) +++ ./strace-static-x86_64: Process 7125 attached [pid 5869] getdents64(3, [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=227, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5869] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7125] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7125] <... set_robust_list resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7125] chdir("./110" [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7125] <... chdir resumed>) = 0 [pid 7125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7125] setpgid(0, 0) = 0 [pid 7125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 235 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 7126 attached [pid 5872] <... openat resumed>) = 4 [pid 7125] <... openat resumed>) = 3 [pid 5872] newfstatat(4, "", [pid 7125] write(3, "1000", 4 [pid 5868] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7125] <... write resumed>) = 4 [pid 5872] getdents64(4, [pid 5868] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... openat resumed>) = 3 [pid 7125] close(3 [pid 5868] newfstatat(3, "", [pid 7125] <... close resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] getdents64(3, [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 231 [pid 7125] write(1, "executing program\n", 18) = 18 [pid 7125] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7125] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[236]}, 88) = 236 [pid 7125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7125] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7127 attached executing program [pid 7126] set_robust_list(0x55557616a6a0, 24 [pid 5872] getdents64(4, [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7126] <... set_robust_list resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7127] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7127] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7127] memfd_create("syzkaller", 0 [pid 7126] chdir("./111" [pid 5872] close(4 [pid 7127] <... memfd_create resumed>) = 3 [pid 7126] <... chdir resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7126] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] rmdir("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7126] <... prctl resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 7126] setpgid(0, 0 [pid 5872] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7126] <... setpgid resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./109/binderfs", [pid 7126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7126] <... openat resumed>) = 3 [pid 5872] unlink("./109/binderfs") = 0 [pid 7126] write(3, "1000", 4) = 4 [pid 7126] close(3executing program ) = 0 [pid 7127] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7126] symlink("/dev/binderfs", "./binderfs" [pid 5872] close(3 [pid 7126] <... symlink resumed>) = 0 [pid 7126] write(1, "executing program\n", 18) = 18 [pid 7126] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7126] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[232]}, 88) = 232 [pid 7126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7128 attached [pid 7126] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... close resumed>) = 0 [pid 7126] <... futex resumed>) = 0 [pid 7126] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] rmdir("./109" [pid 7128] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5872] <... rmdir resumed>) = 0 [pid 7128] <... rseq resumed>) = 0 [pid 7128] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7128] memfd_create("syzkaller", 0 [pid 5872] mkdir("./110", 0777 [pid 7128] <... memfd_create resumed>) = 3 [pid 7128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... mkdir resumed>) = 0 [pid 7128] <... mmap resumed>) = 0x7f7017800000 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 7127] <... write resumed>) = 2097152 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7127] munmap(0x7f7017800000, 138412032) = 0 [pid 7127] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7127] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7128] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7127] <... ioctl resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7127] close(3 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 231 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7127] <... close resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", ./strace-static-x86_64: Process 7129 attached [pid 7127] close(4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7127] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] umount2("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7127] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7127] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7127] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 4 [pid 7129] set_robust_list(0x55557616a6a0, 24 [pid 5869] newfstatat(4, "", [pid 5868] newfstatat(4, "", [pid 7129] <... set_robust_list resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 5869] getdents64(4, [pid 7129] chdir("./110" [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7129] <... chdir resumed>) = 0 [pid 5869] getdents64(4, [pid 5868] getdents64(4, [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 5868] close(4 [pid 5869] <... close resumed>) = 0 [ 461.987722][ T7127] loop1: detected capacity change from 0 to 4096 [pid 7129] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] rmdir("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... close resumed>) = 0 [pid 7129] <... prctl resumed>) = 0 [pid 7129] setpgid(0, 0) = 0 [pid 7129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7129] write(3, "1000", 4) = 4 [pid 7129] close(3) = 0 [pid 7129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] rmdir("\x2e\x2f\x31\x30\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 7129] write(1, "executing program\n", 18 [pid 5869] newfstatat(AT_FDCWD, "./110/binderfs", [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7129] <... write resumed>) = 18 [pid 7129] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] newfstatat(AT_FDCWD, "./109/binderfs", [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7129] <... mmap resumed>) = 0x7f701fcf4000 [pid 5869] unlink("./110/binderfs" [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5868] unlink("./109/binderfs" [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 5869] close(3 [pid 5868] getdents64(3, [pid 7129] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... close resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] rmdir("./110" [pid 5868] close(3 [pid 7129] <... mprotect resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5869] mkdir("./111", 0777 [pid 5868] rmdir("./109" [pid 7129] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] <... mkdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] mkdir("./110", 0777 [pid 7129] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 7129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] <... openat resumed>) = 3 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 7130 attached [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] <... openat resumed>) = 3 [pid 7129] <... clone3 resumed> => {parent_tid=[232]}, 88) = 232 [pid 5869] <... ioctl resumed>) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 7130] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7129] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] close(3 [pid 5868] close(3 [pid 7130] <... rseq resumed>) = 0 [pid 7129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7130] set_robust_list(0x7f701fd149a0, 24 [pid 7129] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] <... set_robust_list resumed>) = 0 [pid 7129] <... futex resumed>) = 0 [pid 7130] rt_sigprocmask(SIG_SETMASK, [], [pid 7129] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7130] memfd_create("syzkaller", 0) = 3 [pid 7130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7128] <... write resumed>) = 2097152 [pid 7128] munmap(0x7f7017800000, 138412032) = 0 [pid 5869] <... close resumed>) = 0 [pid 7130] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7128] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7128] <... openat resumed>) = 4 ./strace-static-x86_64: Process 7132 attached [pid 7128] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 7131 attached [pid 7132] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 230 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 230 [pid 7132] <... set_robust_list resumed>) = 0 [pid 7132] chdir("./110") = 0 [pid 7131] set_robust_list(0x55557616a6a0, 24 [pid 7132] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7131] <... set_robust_list resumed>) = 0 [pid 7132] <... prctl resumed>) = 0 [pid 7132] setpgid(0, 0 [pid 7131] chdir("./111" [pid 7132] <... setpgid resumed>) = 0 [pid 7131] <... chdir resumed>) = 0 [pid 7131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7131] setpgid(0, 0) = 0 [pid 7131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7132] write(3, "1000", 4) = 4 [pid 7132] close(3) = 0 [pid 7132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7131] write(3, "1000", 4 executing program [pid 7132] write(1, "executing program\n", 18 [pid 7131] <... write resumed>) = 4 [pid 7132] <... write resumed>) = 18 [pid 7132] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] close(3) = 0 [pid 7132] <... futex resumed>) = 0 [pid 7131] symlink("/dev/binderfs", "./binderfs"executing program [pid 7132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7131] <... symlink resumed>) = 0 [pid 7131] write(1, "executing program\n", 18 [pid 7132] <... mmap resumed>) = 0x7f701fcf4000 [pid 7131] <... write resumed>) = 18 [pid 7128] <... ioctl resumed>) = 0 [pid 7131] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7128] close(3 [pid 7131] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7128] <... close resumed>) = 0 [pid 7132] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7131] <... mprotect resumed>) = 0 [pid 7128] close(4 [pid 7132] <... mprotect resumed>) = 0 [pid 7128] <... close resumed>) = 0 [pid 7128] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7132] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7128] <... mkdir resumed>) = 0 [pid 7131] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7128] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7132] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7131] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7127] <... mount resumed>) = 0 [pid 7131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7127] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 7133 attached ) = 3 [pid 7131] <... clone3 resumed> => {parent_tid=[231]}, 88) = 231 [pid 7127] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7131] rt_sigprocmask(SIG_SETMASK, [], [pid 7127] <... chdir resumed>) = 0 [pid 7131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7127] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7131] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7131] <... futex resumed>) = 0 [pid 7127] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7131] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7127] <... futex resumed>) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7133] <... rseq resumed>) = 0 [pid 7127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [ 462.192122][ T7128] loop3: detected capacity change from 0 to 4096 [pid 7125] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] set_robust_list(0x7f701fd149a0, 24 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7133] <... set_robust_list resumed>) = 0 [pid 7132] <... clone3 resumed> => {parent_tid=[231]}, 88) = 231 ./strace-static-x86_64: Process 7134 attached [pid 7133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7133] memfd_create("syzkaller", 0) = 3 [pid 7134] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7132] rt_sigprocmask(SIG_SETMASK, [], [pid 7127] <... openat resumed>) = 4 [pid 7134] <... rseq resumed>) = 0 [pid 7133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7127] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] set_robust_list(0x7f701fd149a0, 24 [pid 7132] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] <... set_robust_list resumed>) = 0 [pid 7132] <... futex resumed>) = 0 [pid 7134] rt_sigprocmask(SIG_SETMASK, [], [pid 7133] <... mmap resumed>) = 0x7f7017800000 [pid 7132] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7130] <... write resumed>) = 2097152 [pid 7127] <... futex resumed>) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7125] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] memfd_create("syzkaller", 0 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7127] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7134] <... memfd_create resumed>) = 3 [pid 7127] <... openat resumed>) = 5 [pid 7134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7130] munmap(0x7f7017800000, 138412032 [pid 7127] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] <... mmap resumed>) = 0x7f7017800000 [pid 7127] <... futex resumed>) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7127] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7127] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7127] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7127] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7125] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7125] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7130] <... munmap resumed>) = 0 [pid 7127] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7127] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7125] <... futex resumed>) = 0 [pid 7127] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7125] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7130] close(3) = 0 [pid 7130] close(4) = 0 [pid 7130] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 462.319620][ T7130] loop4: detected capacity change from 0 to 4096 [pid 7130] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7133] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7134] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7128] <... mount resumed>) = 0 [pid 7128] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7128] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7128] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7128] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7126] <... futex resumed>) = 0 [pid 7133] <... write resumed>) = 2097152 [pid 7128] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7126] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7128] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7134] <... write resumed>) = 2097152 [pid 7133] munmap(0x7f7017800000, 138412032 [pid 7134] munmap(0x7f7017800000, 138412032 [pid 7130] <... mount resumed>) = 0 [pid 7128] <... openat resumed>) = 4 [pid 7130] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7130] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7130] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7130] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7129] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7128] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] <... munmap resumed>) = 0 [pid 7129] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... futex resumed>) = 1 [pid 7126] <... futex resumed>) = 0 [pid 7133] <... munmap resumed>) = 0 [pid 7128] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7126] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7128] <... openat resumed>) = 5 [pid 7126] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7133] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7130] <... openat resumed>) = 4 [pid 7134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7134] ioctl(4, LOOP_SET_FD, 3 [pid 7128] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... openat resumed>) = 4 [pid 7130] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] <... futex resumed>) = 1 [pid 7126] <... futex resumed>) = 0 [pid 7128] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7133] ioctl(4, LOOP_SET_FD, 3 [pid 7130] <... futex resumed>) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7126] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7126] <... futex resumed>) = 0 [pid 7134] <... ioctl resumed>) = 0 [pid 7130] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7129] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] close(3 [pid 7130] <... openat resumed>) = 5 [pid 7134] <... close resumed>) = 0 [pid 7134] close(4 [pid 7130] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... futex resumed>) = 0 [pid 7128] <... write resumed>) = 1116 [pid 7134] <... close resumed>) = 0 [pid 7130] <... futex resumed>) = 0 [pid 7129] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7134] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7130] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] <... futex resumed>) = 1 [pid 7126] <... futex resumed>) = 0 [pid 7130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7129] <... futex resumed>) = 0 [pid 7128] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7126] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7133] <... ioctl resumed>) = 0 [pid 7130] <... write resumed>) = 1116 [pid 7129] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7126] <... futex resumed>) = 0 [pid 7134] <... mkdir resumed>) = 0 [pid 7133] close(3 [pid 7130] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7128] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7126] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7133] <... close resumed>) = 0 [pid 7130] <... futex resumed>) = 0 [pid 7129] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] <... mmap resumed>) = 0x200000000000 [pid 7133] close(4 [pid 7130] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7129] <... futex resumed>) = 0 [pid 7128] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... close resumed>) = 0 [pid 7130] <... mmap resumed>) = 0x200000000000 [pid 7129] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... futex resumed>) = 1 [pid 7126] <... futex resumed>) = 0 [ 462.543513][ T7134] loop0: detected capacity change from 0 to 4096 [ 462.553962][ T7133] loop2: detected capacity change from 0 to 4096 [pid 7133] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7130] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7128] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7126] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] <... futex resumed>) = 0 [pid 7130] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7129] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] <... futex resumed>) = 0 [pid 7128] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7130] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7129] <... futex resumed>) = 0 [pid 7128] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7133] <... mkdir resumed>) = 0 [pid 7129] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7128] <... futex resumed>) = 0 [pid 7126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7130] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7128] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7126] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] <... futex resumed>) = 0 [pid 7130] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] <... futex resumed>) = 0 [pid 7129] <... futex resumed>) = 1 [pid 7130] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7133] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7125] <... futex resumed>) = ? [pid 7127] +++ killed by SIGSEGV (core dumped) +++ [pid 7125] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=235, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7134] <... mount resumed>) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7134] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7134] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7134] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7132] <... futex resumed>) = 0 [pid 7132] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7134] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7132] <... futex resumed>) = 0 [pid 7132] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7134] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7132] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] <... openat resumed>) = 5 [pid 7134] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7132] <... futex resumed>) = 0 [pid 7132] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7134] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7132] <... futex resumed>) = 0 [pid 7134] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7132] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7132] <... futex resumed>) = 0 [pid 7134] <... mmap resumed>) = 0x200000000000 [pid 7132] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7132] <... futex resumed>) = 0 [pid 7132] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7132] <... futex resumed>) = 0 [pid 7134] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7133] <... mount resumed>) = 0 [pid 7132] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7133] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7134] <... futex resumed>) = 1 [pid 7133] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7134] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7132] <... futex resumed>) = 0 [pid 7133] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7133] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7133] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7131] <... futex resumed>) = 0 [pid 7131] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... futex resumed>) = 0 [pid 7131] <... futex resumed>) = 1 [pid 7133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7131] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7133] <... openat resumed>) = 4 [pid 7133] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7132] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] <... futex resumed>) = 0 [pid 7133] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7131] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] <... futex resumed>) = 0 [pid 7132] <... futex resumed>) = 1 [pid 7131] <... futex resumed>) = 0 [pid 7131] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7132] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7133] <... openat resumed>) = 5 [pid 7133] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7131] <... futex resumed>) = 0 [pid 7133] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7131] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... write resumed>) = 1116 [pid 7131] <... futex resumed>) = 0 [pid 7133] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7133] <... futex resumed>) = 0 [pid 7131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7133] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7131] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... mmap resumed>) = 0x200000000000 [pid 7131] <... futex resumed>) = 0 [pid 7131] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7133] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7131] <... futex resumed>) = 0 [pid 7131] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7131] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7133] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7133] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7131] <... futex resumed>) = 0 [pid 7131] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7131] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7130] +++ killed by SIGSEGV (core dumped) +++ [pid 7129] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] newfstatat(4, "", [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=231, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, [pid 5872] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./110/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 5872] <... openat resumed>) = 3 [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./110" [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./111", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] getdents64(3, [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] <... ioctl resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] close(3 [pid 7126] <... futex resumed>) = ? [pid 7128] +++ killed by SIGSEGV (core dumped) +++ [pid 7126] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=231, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5871] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7135 attached [pid 7135] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7135] chdir("./111" [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 237 [pid 7135] <... chdir resumed>) = 0 [pid 7135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7135] setpgid(0, 0) = 0 [pid 7135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7135] write(3, "1000", 4) = 4 [pid 7135] close(3) = 0 [pid 7135] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7135] write(1, "executing program\n", 18) = 18 [pid 7135] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7135] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7136 attached [pid 7135] <... clone3 resumed> => {parent_tid=[238]}, 88) = 238 [pid 7135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7135] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7136] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7135] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7136] <... rseq resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7136] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7136] memfd_create("syzkaller", 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7136] <... memfd_create resumed>) = 3 [pid 7136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./110/binderfs") = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] close(3) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] rmdir("./110") = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7132] <... futex resumed>) = ? [pid 5872] mkdir("./111", 0777 [pid 5871] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... mkdir resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] <... openat resumed>) = 3 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] <... close resumed>) = 0 [pid 5872] close(3 [pid 5871] rmdir("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7134] +++ killed by SIGSEGV (core dumped) +++ [pid 7132] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=230, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5871] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./111/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./111") = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5871] mkdir("./112", 0777 [pid 5868] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7133] +++ killed by SIGSEGV (core dumped) +++ [pid 7131] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=230, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5871] <... openat resumed>) = 3 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7136] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] close(3 [pid 5869] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 233 ./strace-static-x86_64: Process 7137 attached [pid 5869] <... openat resumed>) = 3 [pid 7137] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7137] chdir("./111") = 0 [pid 7137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7137] setpgid(0, 0) = 0 [pid 7137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7137] write(3, "1000", 4) = 4 [pid 7137] close(3) = 0 [pid 7137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7137] write(1, "executing program\n", 18) = 18 [pid 7137] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7137] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7137] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7137] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] getdents64(3, [pid 7137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7137] <... clone3 resumed> => {parent_tid=[234]}, 88) = 234 [pid 5869] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7137] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7137] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7138 attached [pid 7138] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7138] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7138] memfd_create("syzkaller", 0 [pid 5871] <... close resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7136] <... write resumed>) = 2097152 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7138] <... memfd_create resumed>) = 3 [pid 7138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 ./strace-static-x86_64: Process 7139 attached [pid 7136] munmap(0x7f7017800000, 138412032 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 233 [pid 5868] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x31\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./110/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3 [pid 7136] <... munmap resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7139] set_robust_list(0x55557616a6a0, 24 [pid 5868] rmdir("./110") = 0 [pid 7139] <... set_robust_list resumed>) = 0 [pid 7136] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] mkdir("./111", 0777 [pid 7139] chdir("./112" [pid 5868] <... mkdir resumed>) = 0 [pid 7139] <... chdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7136] <... openat resumed>) = 4 [pid 7136] ioctl(4, LOOP_SET_FD, 3 [pid 7139] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7139] <... prctl resumed>) = 0 [pid 7139] setpgid(0, 0) = 0 [pid 7139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7139] write(3, "1000", 4) = 4 [pid 7139] close(3) = 0 [ 463.482221][ T7136] loop1: detected capacity change from 0 to 4096 [pid 7139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7136] <... ioctl resumed>) = 0 [pid 7136] close(3 [pid 7139] write(1, "executing program\n", 18 [pid 7136] <... close resumed>) = 0 executing program [pid 7139] <... write resumed>) = 18 [pid 7136] close(4) = 0 [pid 7139] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7136] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7136] <... mkdir resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7139] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7136] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7139] <... mprotect resumed>) = 0 [pid 7138] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 7140 attached [pid 7139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 232 ./strace-static-x86_64: Process 7141 attached [pid 7140] set_robust_list(0x55557616a6a0, 24 [pid 7139] <... clone3 resumed> => {parent_tid=[234]}, 88) = 234 [pid 7140] <... set_robust_list resumed>) = 0 [pid 7141] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7139] rt_sigprocmask(SIG_SETMASK, [], [pid 7140] chdir("./111" [pid 7139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7139] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... rseq resumed>) = 0 [pid 7139] <... futex resumed>) = 0 [pid 7139] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7140] <... chdir resumed>) = 0 [pid 7141] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7140] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7141] rt_sigprocmask(SIG_SETMASK, [], [pid 7140] <... prctl resumed>) = 0 [pid 7141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7140] setpgid(0, 0 [pid 7141] memfd_create("syzkaller", 0 [pid 7140] <... setpgid resumed>) = 0 [pid 7140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7141] <... memfd_create resumed>) = 3 [pid 7140] <... openat resumed>) = 3 [pid 7141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7140] write(3, "1000", 4) = 4 [pid 7141] <... mmap resumed>) = 0x7f7017800000 [pid 7140] close(3) = 0 [pid 7140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7138] <... write resumed>) = 2097152 [pid 7140] write(1, "executing program\n", 18 [pid 5869] <... umount2 resumed>) = 0 [pid 7140] <... write resumed>) = 18 [pid 7140] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7140] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", executing program [pid 7140] <... mprotect resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7140] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7138] munmap(0x7f7017800000, 138412032 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7140] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7142 attached [pid 7141] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... openat resumed>) = 4 [pid 7142] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7138] <... munmap resumed>) = 0 [pid 7142] <... rseq resumed>) = 0 [pid 5869] newfstatat(4, "", [pid 7142] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7140] <... clone3 resumed> => {parent_tid=[233]}, 88) = 233 [pid 7138] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7136] <... mount resumed>) = 0 [pid 5869] getdents64(4, [pid 7142] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7140] rt_sigprocmask(SIG_SETMASK, [], [pid 7138] <... openat resumed>) = 4 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 7140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7140] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7138] ioctl(4, LOOP_SET_FD, 3 [pid 5869] close(4 [pid 7142] <... futex resumed>) = 0 [pid 7140] <... futex resumed>) = 1 [pid 7142] memfd_create("syzkaller", 0 [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7142] <... memfd_create resumed>) = 3 [pid 5869] <... rmdir resumed>) = 0 [pid 7142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7140] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7142] <... mmap resumed>) = 0x7f7017800000 [pid 7136] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7136] <... openat resumed>) = 3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./111/binderfs", [pid 7136] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7136] <... chdir resumed>) = 0 [pid 5869] unlink("./111/binderfs" [pid 7136] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] <... unlink resumed>) = 0 [pid 7136] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... write resumed>) = 2097152 [pid 7136] <... futex resumed>) = 1 [pid 7135] <... futex resumed>) = 0 [pid 5869] getdents64(3, [pid 7136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7135] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7135] <... futex resumed>) = 0 [pid 7135] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] close(3) = 0 [pid 7136] <... openat resumed>) = 4 [pid 5869] rmdir("./111" [pid 7136] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7136] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... rmdir resumed>) = 0 [pid 7135] <... futex resumed>) = 0 [pid 5869] mkdir("./112", 0777 [pid 7135] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7138] <... ioctl resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 7135] <... futex resumed>) = 0 [pid 7136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7135] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7136] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7138] close(3 [pid 7141] munmap(0x7f7017800000, 138412032 [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 7138] <... close resumed>) = 0 [pid 5869] close(3 [pid 7138] close(4) = 0 [pid 7136] <... openat resumed>) = 5 [pid 7141] <... munmap resumed>) = 0 [pid 7138] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 463.691294][ T7138] loop4: detected capacity change from 0 to 4096 [pid 7138] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7142] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7141] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7136] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... openat resumed>) = 4 [pid 7136] <... futex resumed>) = 1 [pid 7141] ioctl(4, LOOP_SET_FD, 3 [pid 7136] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7135] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7141] <... ioctl resumed>) = 0 [pid 7135] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] <... futex resumed>) = 0 [pid 7135] <... futex resumed>) = 1 [pid 7136] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7135] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7136] <... write resumed>) = 1116 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7136] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7143 attached ) = 1 [pid 7135] <... futex resumed>) = 0 [pid 7135] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7135] <... futex resumed>) = 0 [pid 7136] <... mmap resumed>) = 0x200000000000 [pid 7135] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7136] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7143] set_robust_list(0x55557616a6a0, 24 [pid 7136] <... futex resumed>) = 1 [pid 7135] <... futex resumed>) = 0 [pid 7136] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7135] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7143] <... set_robust_list resumed>) = 0 [pid 7136] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7135] <... futex resumed>) = 0 [pid 7143] chdir("./112" [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 232 [pid 7143] <... chdir resumed>) = 0 [pid 7136] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7135] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7136] <... futex resumed>) = 0 [pid 7135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7135] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7143] setpgid(0, 0) = 0 [pid 7143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7141] close(3) = 0 [ 463.779115][ T7141] loop3: detected capacity change from 0 to 4096 executing program [pid 7143] <... openat resumed>) = 3 [pid 7143] write(3, "1000", 4) = 4 [pid 7143] close(3) = 0 [pid 7143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7143] write(1, "executing program\n", 18) = 18 [pid 7143] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7141] close(4 [pid 7143] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7141] <... close resumed>) = 0 [pid 7143] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7141] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7143] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7141] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7144 attached [pid 7144] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7143] <... clone3 resumed> => {parent_tid=[233]}, 88) = 233 [pid 7142] <... write resumed>) = 2097152 [pid 7144] <... rseq resumed>) = 0 [pid 7143] rt_sigprocmask(SIG_SETMASK, [], [pid 7142] munmap(0x7f7017800000, 138412032 [pid 7144] set_robust_list(0x7f701fd149a0, 24 [pid 7143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7144] <... set_robust_list resumed>) = 0 [pid 7143] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7144] rt_sigprocmask(SIG_SETMASK, [], [pid 7143] <... futex resumed>) = 0 [pid 7144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7143] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7142] <... munmap resumed>) = 0 [pid 7144] memfd_create("syzkaller", 0 [pid 7142] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7144] <... memfd_create resumed>) = 3 [pid 7144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7142] <... openat resumed>) = 4 [pid 7142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7142] close(3) = 0 [pid 7142] close(4) = 0 [pid 7142] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 463.909637][ T7142] loop0: detected capacity change from 0 to 4096 [pid 7142] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7144] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7138] <... mount resumed>) = 0 [pid 7138] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7138] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7138] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7138] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7137] <... futex resumed>) = 0 [pid 7137] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7137] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7138] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7137] <... futex resumed>) = 0 [pid 7138] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7137] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7137] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] <... openat resumed>) = 5 [pid 7138] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7137] <... futex resumed>) = 0 [pid 7137] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7138] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7137] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] <... write resumed>) = 1116 [pid 7138] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7137] <... futex resumed>) = 0 [pid 7138] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7137] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7138] <... mmap resumed>) = 0x200000000000 [pid 7137] <... futex resumed>) = 0 [pid 7137] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7137] <... futex resumed>) = 0 [pid 7137] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7138] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7137] <... futex resumed>) = 0 [pid 7137] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7138] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7137] <... futex resumed>) = 0 [pid 7137] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7137] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7141] <... mount resumed>) = 0 [pid 7141] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7141] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7141] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7141] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7139] <... futex resumed>) = 0 [pid 7141] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7139] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7139] <... futex resumed>) = 0 [pid 7141] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7144] <... write resumed>) = 2097152 [pid 7141] <... openat resumed>) = 4 [pid 7139] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7144] munmap(0x7f7017800000, 138412032 [pid 7141] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7139] <... futex resumed>) = 0 [pid 7141] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7139] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7139] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7144] <... munmap resumed>) = 0 [pid 7144] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7144] ioctl(4, LOOP_SET_FD, 3 [pid 7141] <... openat resumed>) = 5 [pid 7141] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7139] <... futex resumed>) = 0 [pid 7139] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7139] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7142] <... mount resumed>) = 0 [pid 7142] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7141] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7142] <... openat resumed>) = 3 [pid 7141] <... write resumed>) = 1116 [pid 7141] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7142] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7141] <... futex resumed>) = 1 [pid 7139] <... futex resumed>) = 0 [pid 7141] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7142] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7139] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7142] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7139] <... futex resumed>) = 0 [pid 7141] <... mmap resumed>) = 0x200000000000 [pid 7139] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7141] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7144] <... ioctl resumed>) = 0 [pid 7142] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... futex resumed>) = 1 [pid 7139] <... futex resumed>) = 0 [pid 7144] close(3 [pid 7142] <... futex resumed>) = 1 [pid 7141] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7140] <... futex resumed>) = 0 [pid 7139] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7144] <... close resumed>) = 0 [pid 7142] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7141] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7139] <... futex resumed>) = 0 [ 464.166516][ T7144] loop2: detected capacity change from 0 to 4096 [pid 7144] close(4 [pid 7142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7141] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7140] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7139] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7144] <... close resumed>) = 0 [pid 7135] <... futex resumed>) = ? [pid 7144] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7142] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7141] <... futex resumed>) = 0 [pid 7140] <... futex resumed>) = 0 [pid 7139] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7144] <... mkdir resumed>) = 0 [pid 7144] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7140] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7139] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7139] <... futex resumed>) = 0 [pid 7142] <... openat resumed>) = 4 [pid 7142] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7140] <... futex resumed>) = 0 [pid 7140] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7140] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7136] +++ killed by SIGSEGV (core dumped) +++ [pid 7135] +++ killed by SIGSEGV (core dumped) +++ [pid 7142] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=237, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7142] <... openat resumed>) = 5 [pid 5870] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7142] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7142] <... futex resumed>) = 1 [pid 5870] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7140] <... futex resumed>) = 0 [pid 7142] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7140] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 7140] <... futex resumed>) = 0 [pid 5870] newfstatat(3, "", [pid 7142] <... write resumed>) = 1116 [pid 7140] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7142] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7142] <... futex resumed>) = 1 [pid 7140] <... futex resumed>) = 0 [pid 7142] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7140] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7140] <... futex resumed>) = 0 [pid 7142] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7140] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7142] <... mmap resumed>) = 0x200000000000 [pid 7142] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7142] <... futex resumed>) = 0 [pid 7140] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7142] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7140] <... futex resumed>) = 0 [pid 7142] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7140] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7142] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7142] <... futex resumed>) = 0 [pid 7140] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7142] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7140] <... futex resumed>) = 0 [pid 7144] <... mount resumed>) = 0 [pid 7144] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7144] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7144] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7144] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7143] <... futex resumed>) = 0 [pid 7144] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7143] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7143] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7144] <... openat resumed>) = 4 [pid 7144] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7143] <... futex resumed>) = 0 [pid 7143] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7143] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7144] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7144] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7137] <... futex resumed>) = ? [pid 7144] <... futex resumed>) = 1 [pid 7143] <... futex resumed>) = 0 [pid 7143] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7143] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7138] +++ killed by SIGSEGV (core dumped) +++ [pid 7137] +++ killed by SIGSEGV (core dumped) +++ [pid 7144] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=233, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 7144] <... write resumed>) = 1116 [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7144] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] newfstatat(3, "", [pid 7144] <... futex resumed>) = 1 [pid 7143] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7143] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(3, [pid 7144] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7143] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7144] <... mmap resumed>) = 0x200000000000 [pid 7143] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7144] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7143] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7144] <... futex resumed>) = 0 [pid 7143] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7144] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7143] <... futex resumed>) = 0 [pid 7144] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7143] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = 0 [pid 7144] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7143] <... futex resumed>) = 0 [pid 7144] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7143] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./111/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./111") = 0 [pid 5870] mkdir("./112", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7145 attached , child_tidptr=0x55557616a690) = 239 [pid 7145] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7145] chdir("./112" [pid 7141] +++ killed by SIGSEGV (core dumped) +++ [pid 7139] +++ killed by SIGSEGV (core dumped) +++ [pid 7145] <... chdir resumed>) = 0 [pid 7145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=233, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 7145] setpgid(0, 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7145] <... setpgid resumed>) = 0 [pid 5872] <... umount2 resumed>) = 0 [pid 7145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7145] <... openat resumed>) = 3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... openat resumed>) = 3 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5871] newfstatat(3, "", [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7145] write(3, "1000", 4 [pid 5872] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] getdents64(3, [pid 7145] <... write resumed>) = 4 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7145] close(3) = 0 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7145] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5872] getdents64(4, [pid 7145] write(1, "executing program\n", 18 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7145] <... write resumed>) = 18 [pid 5872] unlink("./111/binderfs" [pid 7145] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... unlink resumed>) = 0 [pid 7145] <... futex resumed>) = 0 [pid 5872] getdents64(3, [pid 7145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7145] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] close(3 [pid 7145] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5872] <... close resumed>) = 0 [pid 7145] <... mprotect resumed>) = 0 [pid 5872] rmdir("./111" [pid 7145] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... rmdir resumed>) = 0 [pid 7145] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] mkdir("./112", 0777 [pid 7145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5872] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7146 attached [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 7145] <... clone3 resumed> => {parent_tid=[240]}, 88) = 240 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 7146] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7145] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... ioctl resumed>) = 0 [pid 7145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] close(3 [pid 7145] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] <... rseq resumed>) = 0 [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7146] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] <... close resumed>) = 0 [pid 7146] memfd_create("syzkaller", 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7147 attached [pid 7147] set_robust_list(0x55557616a6a0, 24 [pid 7146] <... memfd_create resumed>) = 3 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 235 [pid 7147] <... set_robust_list resumed>) = 0 [pid 7147] chdir("./112") = 0 [pid 7147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7147] setpgid(0, 0) = 0 [pid 7146] <... mmap resumed>) = 0x7f7017800000 [pid 7147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7147] write(3, "1000", 4 [pid 7142] +++ killed by SIGSEGV (core dumped) +++ [pid 7140] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] <... umount2 resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=232, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 7147] <... write resumed>) = 4 [pid 5868] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7147] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7147] <... close resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7147] symlink("/dev/binderfs", "./binderfs" [pid 5868] <... openat resumed>) = 3 [pid 7147] <... symlink resumed>) = 0 [pid 5868] newfstatat(3, "", executing program [pid 7147] write(1, "executing program\n", 18 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7147] <... write resumed>) = 18 [pid 5868] getdents64(3, [pid 7147] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7147] <... futex resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7147] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7148 attached => {parent_tid=[236]}, 88) = 236 [pid 7147] rt_sigprocmask(SIG_SETMASK, [], [pid 7148] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7148] <... rseq resumed>) = 0 [pid 7147] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7148] set_robust_list(0x7f701fd149a0, 24 [pid 7147] <... futex resumed>) = 0 [pid 7148] <... set_robust_list resumed>) = 0 [pid 7147] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7148] memfd_create("syzkaller", 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7148] <... memfd_create resumed>) = 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", [pid 7146] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7143] <... futex resumed>) = ? [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7148] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] getdents64(4, [pid 7144] +++ killed by SIGSEGV (core dumped) +++ [pid 7143] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=232, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5869] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] newfstatat(3, "", [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] close(4) = 0 [pid 5869] getdents64(3, [pid 5871] rmdir("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... rmdir resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./112/binderfs", [pid 5868] <... umount2 resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./112/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./112") = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] mkdir("./113", 0777) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7146] <... write resumed>) = 2097152 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7146] munmap(0x7f7017800000, 138412032 [pid 5871] <... openat resumed>) = 3 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... ioctl resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x31\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./111/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7146] <... munmap resumed>) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./111") = 0 [pid 5868] mkdir("./112", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7146] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] <... close resumed>) = 0 [pid 7148] <... write resumed>) = 2097152 [pid 7146] <... openat resumed>) = 4 [pid 5871] <... close resumed>) = 0 [pid 7146] ioctl(4, LOOP_SET_FD, 3 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7149 attached ./strace-static-x86_64: Process 7150 attached [pid 7148] munmap(0x7f7017800000, 138412032 [pid 7150] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 234 [pid 7149] set_robust_list(0x55557616a6a0, 24 [pid 7150] <... set_robust_list resumed>) = 0 [pid 7149] <... set_robust_list resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 235 [pid 7150] chdir("./113" [pid 7146] <... ioctl resumed>) = 0 [pid 7150] <... chdir resumed>) = 0 [pid 7150] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7148] <... munmap resumed>) = 0 [pid 7146] close(3 [pid 7150] <... prctl resumed>) = 0 [pid 7148] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7146] <... close resumed>) = 0 [pid 7150] setpgid(0, 0 [pid 7146] close(4 [pid 7150] <... setpgid resumed>) = 0 [pid 7149] chdir("./112" [pid 7148] <... openat resumed>) = 4 [pid 7146] <... close resumed>) = 0 [pid 7148] ioctl(4, LOOP_SET_FD, 3 [pid 7146] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7149] <... chdir resumed>) = 0 [pid 7149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7149] setpgid(0, 0) = 0 [pid 7149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7146] <... mkdir resumed>) = 0 [pid 7150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7146] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7150] <... openat resumed>) = 3 [pid 7149] write(3, "1000", 4 [pid 7150] write(3, "1000", 4 [pid 7149] <... write resumed>) = 4 [pid 7149] close(3) = 0 [pid 7149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7150] <... write resumed>) = 4 [pid 7150] close(3 [pid 7149] write(1, "executing program\n", 18executing program [pid 7150] <... close resumed>) = 0 [pid 7149] <... write resumed>) = 18 [pid 7148] <... ioctl resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 7150] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7150] write(1, "executing program\n", 18) = 18 [pid 5869] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7150] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7150] <... mmap resumed>) = 0x7f701fcf4000 [pid 7148] close(3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7150] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7148] <... close resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7150] <... mprotect resumed>) = 0 [pid 7148] close(4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7150] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7149] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7148] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7148] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7149] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 4 [pid 7149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7148] <... mkdir resumed>) = 0 [pid 5869] newfstatat(4, "", [pid 7150] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7149] <... mmap resumed>) = 0x7f701fcf4000 [pid 7148] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [ 465.043016][ T7146] loop1: detected capacity change from 0 to 4096 [ 465.069845][ T7148] loop4: detected capacity change from 0 to 4096 [pid 7149] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 7151 attached [pid 7149] <... mprotect resumed>) = 0 [pid 5869] getdents64(4, [pid 7150] <... clone3 resumed> => {parent_tid=[236]}, 88) = 236 [pid 7149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7151] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7150] rt_sigprocmask(SIG_SETMASK, [], [pid 7149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] close(4 [pid 7149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7152 attached [pid 7152] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7149] <... clone3 resumed> => {parent_tid=[235]}, 88) = 235 [pid 7152] <... rseq resumed>) = 0 [pid 7149] rt_sigprocmask(SIG_SETMASK, [], [pid 7152] set_robust_list(0x7f701fd149a0, 24 [pid 7149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7146] <... mount resumed>) = 0 [pid 7152] <... set_robust_list resumed>) = 0 [pid 7149] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7152] rt_sigprocmask(SIG_SETMASK, [], [pid 7149] <... futex resumed>) = 0 [pid 7146] <... openat resumed>) = 3 [pid 5869] <... close resumed>) = 0 [pid 7152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7149] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7146] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] rmdir("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7152] memfd_create("syzkaller", 0 [pid 7151] <... rseq resumed>) = 0 [pid 7150] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] <... chdir resumed>) = 0 [pid 7150] <... futex resumed>) = 0 [pid 7151] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7150] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... rmdir resumed>) = 0 [pid 7151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7146] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7151] memfd_create("syzkaller", 0 [pid 7146] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7146] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7146] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7145] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7145] <... futex resumed>) = 0 [pid 5869] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7152] <... memfd_create resumed>) = 3 [pid 7151] <... memfd_create resumed>) = 3 [pid 7146] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7145] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7151] <... mmap resumed>) = 0x7f7017800000 [pid 7146] <... openat resumed>) = 4 [pid 5869] newfstatat(AT_FDCWD, "./112/binderfs", [pid 7146] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7146] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7145] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7145] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] unlink("./112/binderfs") = 0 [pid 5869] getdents64(3, [pid 7146] <... openat resumed>) = 5 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7146] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(3 [pid 7146] <... futex resumed>) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7145] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./112") = 0 [pid 7146] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5869] mkdir("./113", 0777 [pid 7146] <... write resumed>) = 1116 [pid 5869] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7146] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7145] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... ioctl resumed>) = 0 [pid 7145] <... futex resumed>) = 0 [pid 5869] close(3 [pid 7145] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7146] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7146] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7145] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7145] <... futex resumed>) = 0 [pid 7152] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7146] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7145] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7146] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7145] <... futex resumed>) = 0 [pid 7146] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7145] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7151] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7148] <... mount resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7148] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7148] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7148] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 7153 attached ) = -1 EBUSY (Device or resource busy) [pid 7148] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7152] <... write resumed>) = 2097152 [pid 7148] <... futex resumed>) = 1 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 234 [pid 7153] set_robust_list(0x55557616a6a0, 24 [pid 7148] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7147] <... futex resumed>) = 0 [pid 7153] <... set_robust_list resumed>) = 0 [pid 7148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7147] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7153] chdir("./113" [pid 7148] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7147] <... futex resumed>) = 0 [pid 7153] <... chdir resumed>) = 0 [pid 7147] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7153] setpgid(0, 0) = 0 [pid 7153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7148] <... openat resumed>) = 4 [pid 7153] <... openat resumed>) = 3 [pid 7151] <... write resumed>) = 2097152 [pid 7153] write(3, "1000", 4 [pid 7148] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7147] <... futex resumed>) = 0 [pid 7152] munmap(0x7f7017800000, 138412032 [pid 7148] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7147] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7153] <... write resumed>) = 4 [pid 7152] <... munmap resumed>) = 0 [pid 7151] munmap(0x7f7017800000, 138412032 [pid 7147] <... futex resumed>) = 0 [pid 7153] close(3) = 0 [pid 7147] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7153] symlink("/dev/binderfs", "./binderfs" [pid 7148] <... openat resumed>) = 5 [pid 7148] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7147] <... futex resumed>) = 0 [pid 7147] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7147] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7148] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7148] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7153] <... symlink resumed>) = 0 executing program [pid 7153] write(1, "executing program\n", 18 [pid 7148] <... futex resumed>) = 1 [pid 7147] <... futex resumed>) = 0 [pid 7153] <... write resumed>) = 18 [pid 7147] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7153] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7147] <... futex resumed>) = 0 [pid 7153] <... futex resumed>) = 0 [pid 7151] <... munmap resumed>) = 0 [pid 7147] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7148] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7148] <... mmap resumed>) = 0x200000000000 [pid 7151] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7153] <... mmap resumed>) = 0x7f701fcf4000 [pid 7153] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7152] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7151] <... openat resumed>) = 4 [pid 7148] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7152] <... openat resumed>) = 4 [pid 7148] <... futex resumed>) = 1 [pid 7147] <... futex resumed>) = 0 [pid 7153] <... mprotect resumed>) = 0 [pid 7152] ioctl(4, LOOP_SET_FD, 3 [pid 7151] ioctl(4, LOOP_SET_FD, 3 [pid 7148] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7147] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7147] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7153] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7148] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7153] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7154 attached [pid 7148] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7154] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7153] <... clone3 resumed> => {parent_tid=[235]}, 88) = 235 [pid 7148] <... futex resumed>) = 1 [pid 7147] <... futex resumed>) = 0 [pid 7154] <... rseq resumed>) = 0 [pid 7153] rt_sigprocmask(SIG_SETMASK, [], [pid 7151] <... ioctl resumed>) = 0 [pid 7154] set_robust_list(0x7f701fd149a0, 24 [pid 7153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7151] close(3 [pid 7154] <... set_robust_list resumed>) = 0 [pid 7153] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7154] rt_sigprocmask(SIG_SETMASK, [], [pid 7153] <... futex resumed>) = 0 [pid 7154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7153] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7148] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7147] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7147] <... futex resumed>) = 0 [pid 7154] memfd_create("syzkaller", 0 [pid 7148] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7147] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7154] <... memfd_create resumed>) = 3 [pid 7154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7151] <... close resumed>) = 0 [pid 7152] <... ioctl resumed>) = 0 [pid 7151] close(4) = 0 [pid 7151] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7152] close(3) = 0 [pid 7152] close(4) = 0 [pid 7152] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 465.418341][ T7151] loop3: detected capacity change from 0 to 4096 [ 465.420620][ T7152] loop0: detected capacity change from 0 to 4096 [pid 7152] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7151] <... mkdir resumed>) = 0 [pid 7151] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7154] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7152] <... mount resumed>) = 0 [pid 7152] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7152] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7152] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7149] <... futex resumed>) = 0 [pid 7152] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7149] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7149] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7152] <... openat resumed>) = 4 [pid 7152] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7149] <... futex resumed>) = 0 [pid 7149] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7152] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7149] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7154] <... write resumed>) = 2097152 [pid 7152] <... openat resumed>) = 5 [pid 7152] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7149] <... futex resumed>) = 0 [pid 7152] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7149] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7152] <... write resumed>) = 1116 [pid 7149] <... futex resumed>) = 0 [pid 7149] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7152] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7154] munmap(0x7f7017800000, 138412032 [pid 7152] <... futex resumed>) = 1 [pid 7149] <... futex resumed>) = 0 [pid 7149] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7149] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7154] <... munmap resumed>) = 0 [pid 7152] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7145] <... futex resumed>) = ? [pid 7151] <... mount resumed>) = 0 [pid 7152] <... mmap resumed>) = 0x200000000000 [pid 7151] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7152] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7154] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7152] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7151] <... openat resumed>) = 3 [pid 7151] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7149] <... futex resumed>) = 0 [pid 7151] <... chdir resumed>) = 0 [pid 7154] <... openat resumed>) = 4 [pid 7149] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7151] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7149] <... futex resumed>) = 1 [pid 7149] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7154] ioctl(4, LOOP_SET_FD, 3 [pid 7152] <... futex resumed>) = 0 [pid 7151] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7146] +++ killed by SIGSEGV (core dumped) +++ [pid 7145] +++ killed by SIGSEGV (core dumped) +++ [pid 7151] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7152] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7151] <... futex resumed>) = 1 [pid 7150] <... futex resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=239, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 7151] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7152] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7150] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7151] <... futex resumed>) = 0 [pid 7150] <... futex resumed>) = 1 [pid 7152] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7151] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7150] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7152] <... futex resumed>) = 1 [pid 5870] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7152] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7149] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7149] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7152] <... futex resumed>) = 0 [pid 7149] <... futex resumed>) = 1 [pid 7149] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7152] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] newfstatat(3, "", [pid 7154] <... ioctl resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, [pid 7154] close(3 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7154] <... close resumed>) = 0 [ 465.744873][ T7154] loop2: detected capacity change from 0 to 4096 [pid 7154] close(4) = 0 [pid 7151] <... openat resumed>) = 4 [pid 7150] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7150] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7154] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7150] <... futex resumed>) = 0 [pid 7154] <... mkdir resumed>) = 0 [pid 7150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 7154] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7151] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7151] <... futex resumed>) = 0 [pid 7151] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0}./strace-static-x86_64: Process 7155 attached [pid 7155] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7150] <... clone3 resumed> => {parent_tid=[237]}, 88) = 237 [pid 7150] rt_sigprocmask(SIG_SETMASK, [], [pid 7155] <... rseq resumed>) = 0 [pid 7155] set_robust_list(0x7f701fcf39a0, 24 [pid 7150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7155] <... set_robust_list resumed>) = 0 [pid 7155] rt_sigprocmask(SIG_SETMASK, [], [pid 7150] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7150] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7155] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7155] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7150] <... futex resumed>) = 0 [pid 7155] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7150] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7151] <... futex resumed>) = 0 [pid 7151] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7150] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7151] <... write resumed>) = 1116 [pid 7151] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7150] <... futex resumed>) = 0 [pid 7150] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7151] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7150] <... futex resumed>) = 0 [pid 7151] <... mmap resumed>) = 0x200000000000 [pid 7150] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7151] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7150] <... futex resumed>) = 0 [pid 7151] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7150] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7151] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7150] <... futex resumed>) = 0 [pid 7151] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7150] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7151] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7151] <... futex resumed>) = 0 [pid 7151] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7150] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7147] <... futex resumed>) = ? [pid 7148] +++ killed by SIGSEGV (core dumped) +++ [pid 7147] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=235, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7154] <... mount resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7154] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... openat resumed>) = 4 [pid 7154] <... openat resumed>) = 3 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7154] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] getdents64(4, [pid 7154] <... chdir resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7154] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] getdents64(4, [pid 7154] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7154] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7154] <... futex resumed>) = 1 [pid 5870] <... rmdir resumed>) = 0 [pid 7153] <... futex resumed>) = 0 [pid 7154] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7153] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7153] <... futex resumed>) = 0 [pid 7154] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7153] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./112/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./112") = 0 [pid 5870] mkdir("./113", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7154] <... openat resumed>) = 4 [pid 5872] <... umount2 resumed>) = 0 [pid 7154] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7154] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7153] <... futex resumed>) = 0 [pid 7153] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7154] <... futex resumed>) = 0 [pid 7153] <... futex resumed>) = 1 [pid 7154] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7153] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7154] <... openat resumed>) = 5 [pid 5870] <... close resumed>) = 0 [pid 7154] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7154] <... futex resumed>) = 1 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7154] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 241 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 7156 attached [pid 5872] getdents64(4, [pid 7156] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7156] <... set_robust_list resumed>) = 0 [pid 5872] getdents64(4, [pid 7156] chdir("./113" [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 7156] <... chdir resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7156] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] rmdir("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7156] <... prctl resumed>) = 0 [pid 7153] <... futex resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 7156] setpgid(0, 0 [pid 7153] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7156] <... setpgid resumed>) = 0 [pid 7154] <... futex resumed>) = 0 [pid 7153] <... futex resumed>) = 1 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7154] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7153] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] newfstatat(AT_FDCWD, "./112/binderfs", [pid 7154] <... write resumed>) = 1116 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7154] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] unlink("./112/binderfs" [pid 7154] <... futex resumed>) = 1 [pid 7154] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7153] <... futex resumed>) = 0 [pid 5872] <... unlink resumed>) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./112") = 0 [pid 5872] mkdir("./113", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7153] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7154] <... futex resumed>) = 0 [pid 7153] <... futex resumed>) = 1 [pid 7156] <... openat resumed>) = 3 [pid 7154] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7153] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7154] <... mmap resumed>) = 0x200000000000 [pid 7154] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7149] <... futex resumed>) = ? [pid 7156] write(3, "1000", 4 [pid 7152] +++ killed by SIGSEGV (core dumped) +++ [pid 7149] +++ killed by SIGSEGV (core dumped) +++ [pid 7154] <... futex resumed>) = 1 [pid 7153] <... futex resumed>) = 0 [pid 7154] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7153] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=234, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [pid 7153] <... futex resumed>) = 0 [pid 7154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7154] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7153] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7154] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5868] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7156] <... write resumed>) = 4 [pid 5868] <... openat resumed>) = 3 [pid 7156] close(3 [pid 5868] newfstatat(3, "", [pid 7156] <... close resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7156] symlink("/dev/binderfs", "./binderfs" [pid 5868] getdents64(3, executing program [pid 7156] <... symlink resumed>) = 0 [pid 7154] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7154] <... futex resumed>) = 1 [pid 7153] <... futex resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7154] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7153] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7156] write(1, "executing program\n", 18 [pid 7153] <... futex resumed>) = 0 [pid 7156] <... write resumed>) = 18 [pid 7153] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7156] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7156] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7157 attached => {parent_tid=[242]}, 88) = 242 [pid 7156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7156] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7156] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7157] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7157] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 5872] <... close resumed>) = 0 [pid 7157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7157] memfd_create("syzkaller", 0./strace-static-x86_64: Process 7158 attached [pid 7158] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7158] chdir("./113" [pid 7157] <... memfd_create resumed>) = 3 [pid 7157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 7158] <... chdir resumed>) = 0 [pid 7157] <... mmap resumed>) = 0x7f7017800000 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 237 [pid 7158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7158] setpgid(0, 0) = 0 [pid 7158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7158] write(3, "1000", 4) = 4 [pid 7158] close(3) = 0 [pid 7158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7158] write(1, "executing program\n", 18) = 18 [pid 7158] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7158] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[238]}, 88) = 238 [pid 7158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7158] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7158] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7159 attached [pid 7159] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7159] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7151] +++ killed by SIGSEGV (core dumped) +++ [pid 7159] memfd_create("syzkaller", 0) = 3 [pid 7150] <... futex resumed>) = ? [pid 7159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7155] <... futex resumed>) = ? [pid 7155] +++ killed by SIGSEGV (core dumped) +++ [pid 7150] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=235, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5871] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7157] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... umount2 resumed>) = 0 [pid 7159] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 7157] <... write resumed>) = 2097152 [pid 5868] rmdir("\x2e\x2f\x31\x31\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7157] munmap(0x7f7017800000, 138412032 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7157] <... munmap resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./112/binderfs", [pid 7157] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./112/binderfs" [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... unlink resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] getdents64(3, [pid 7157] <... openat resumed>) = 4 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7157] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./112") = 0 [pid 5868] mkdir("./113", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5871] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7157] <... ioctl resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7159] <... write resumed>) = 2097152 [pid 7157] close(3 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... close resumed>) = 0 [pid 7157] <... close resumed>) = 0 [pid 7159] munmap(0x7f7017800000, 138412032 [pid 7157] close(4 [pid 5871] getdents64(4, [pid 7157] <... close resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7157] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7159] <... munmap resumed>) = 0 [pid 7157] <... mkdir resumed>) = 0 [pid 5871] close(4 [ 466.383646][ T7157] loop1: detected capacity change from 0 to 4096 [pid 7157] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... close resumed>) = 0 [pid 7159] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] rmdir("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7159] <... openat resumed>) = 4 [pid 5871] <... rmdir resumed>) = 0 [pid 7159] ioctl(4, LOOP_SET_FD, 3 [pid 5871] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./113/binderfs"./strace-static-x86_64: Process 7160 attached ) = 0 [pid 7160] set_robust_list(0x55557616a6a0, 24 [pid 7159] <... ioctl resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7160] <... set_robust_list resumed>) = 0 [pid 5871] close(3) = 0 [pid 7160] chdir("./113" [pid 5871] rmdir("./113") = 0 [pid 5871] mkdir("./114", 0777) = 0 [pid 7159] close(3 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7159] <... close resumed>) = 0 [pid 7160] <... chdir resumed>) = 0 [pid 7159] close(4 [pid 5871] <... openat resumed>) = 3 [pid 7160] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7159] <... close resumed>) = 0 [pid 7160] <... prctl resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7160] setpgid(0, 0) = 0 [pid 5871] <... ioctl resumed>) = 0 [pid 7159] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] close(3 [pid 7160] <... openat resumed>) = 3 [pid 7159] <... mkdir resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 236 [pid 7160] write(3, "1000", 4 [pid 7159] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7160] <... write resumed>) = 4 [pid 7160] close(3) = 0 [pid 7160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7160] write(1, "executing program\n", 18) = 18 [pid 7160] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program ) = 0 [pid 7160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7160] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7160] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7161 attached [pid 7161] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7160] <... clone3 resumed> => {parent_tid=[237]}, 88) = 237 [ 466.448064][ T7159] loop4: detected capacity change from 0 to 4096 [pid 7160] rt_sigprocmask(SIG_SETMASK, [], [pid 7161] <... rseq resumed>) = 0 [pid 7160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7161] set_robust_list(0x7f701fd149a0, 24 [pid 7160] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... set_robust_list resumed>) = 0 [pid 7160] <... futex resumed>) = 0 [pid 7161] rt_sigprocmask(SIG_SETMASK, [], [pid 7160] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7161] memfd_create("syzkaller", 0 [pid 5871] <... close resumed>) = 0 [pid 7161] <... memfd_create resumed>) = 3 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 ./strace-static-x86_64: Process 7162 attached [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 238 [pid 7162] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7162] chdir("./114") = 0 [pid 7153] <... futex resumed>) = ? [pid 7162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7162] setpgid(0, 0) = 0 [pid 7162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7157] <... mount resumed>) = 0 [pid 7162] write(3, "1000", 4) = 4 [pid 7162] close(3) = 0 [pid 7162] symlink("/dev/binderfs", "./binderfs" [pid 7157] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORYexecuting program [pid 7162] <... symlink resumed>) = 0 [pid 7162] write(1, "executing program\n", 18) = 18 [pid 7162] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7157] <... openat resumed>) = 3 [pid 7162] <... mmap resumed>) = 0x7f701fcf4000 [pid 7162] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7157] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7162] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7157] <... chdir resumed>) = 0 [pid 7154] +++ killed by SIGSEGV (core dumped) +++ [pid 7153] +++ killed by SIGSEGV (core dumped) +++ [pid 7157] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=234, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [pid 7162] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7163 attached => {parent_tid=[239]}, 88) = 239 [pid 7163] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7162] rt_sigprocmask(SIG_SETMASK, [], [pid 7157] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7163] <... rseq resumed>) = 0 [pid 7163] set_robust_list(0x7f701fd149a0, 24 [pid 7162] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] <... set_robust_list resumed>) = 0 [pid 7157] <... futex resumed>) = 1 [pid 7156] <... futex resumed>) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 7157] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7156] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7156] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7163] rt_sigprocmask(SIG_SETMASK, [], [pid 7162] <... futex resumed>) = 0 [pid 7157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7157] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7162] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7163] memfd_create("syzkaller", 0 [pid 5869] <... openat resumed>) = 3 [pid 7163] <... memfd_create resumed>) = 3 [pid 7163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] newfstatat(3, "", [pid 7163] <... mmap resumed>) = 0x7f7017800000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7157] <... openat resumed>) = 4 [pid 7157] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7156] <... futex resumed>) = 0 [pid 7156] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7157] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7156] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7157] <... openat resumed>) = 5 [pid 7157] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] <... mount resumed>) = 0 [pid 7157] <... futex resumed>) = 1 [pid 7156] <... futex resumed>) = 0 [pid 7159] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7157] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7156] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] <... openat resumed>) = 3 [pid 7157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7156] <... futex resumed>) = 0 [pid 7157] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7156] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7157] <... write resumed>) = 1116 [pid 7163] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7159] <... chdir resumed>) = 0 [pid 7157] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7157] <... futex resumed>) = 1 [pid 7156] <... futex resumed>) = 0 [pid 7159] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7157] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7156] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] <... mmap resumed>) = 0x200000000000 [pid 7156] <... futex resumed>) = 0 [pid 7159] <... futex resumed>) = 1 [pid 7157] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7158] <... futex resumed>) = 0 [pid 7157] <... futex resumed>) = 0 [pid 7156] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7157] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7156] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7156] <... futex resumed>) = 0 [pid 7158] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] <... futex resumed>) = 0 [pid 7158] <... futex resumed>) = 1 [pid 7157] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7156] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7158] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7157] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7156] <... futex resumed>) = 0 [pid 7157] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7156] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7159] <... openat resumed>) = 4 [pid 7159] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7158] <... futex resumed>) = 0 [pid 7159] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7158] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... write resumed>) = 2097152 [pid 7159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7158] <... futex resumed>) = 0 [pid 7159] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7158] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] munmap(0x7f7017800000, 138412032 [pid 5869] <... umount2 resumed>) = 0 [pid 7161] <... munmap resumed>) = 0 [pid 7159] <... openat resumed>) = 5 [pid 7159] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7158] <... futex resumed>) = 0 [pid 7161] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7159] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7158] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... openat resumed>) = 4 [pid 7159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7158] <... futex resumed>) = 0 [pid 7161] ioctl(4, LOOP_SET_FD, 3 [pid 7159] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7158] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7163] <... write resumed>) = 2097152 [pid 7163] munmap(0x7f7017800000, 138412032 [pid 7159] <... write resumed>) = 1116 [pid 7159] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7158] <... futex resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7158] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] <... munmap resumed>) = 0 [pid 7158] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7163] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7161] <... ioctl resumed>) = 0 [pid 7159] <... mmap resumed>) = 0x200000000000 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7161] close(3 [pid 7159] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7161] <... close resumed>) = 0 [pid 7159] <... futex resumed>) = 1 [pid 5869] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7161] close(4 [pid 7159] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7161] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7161] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7158] <... futex resumed>) = 0 [pid 7158] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... openat resumed>) = 4 [pid 7158] <... futex resumed>) = 1 [pid 7161] <... mkdir resumed>) = 0 [pid 7159] <... futex resumed>) = 0 [pid 7158] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] newfstatat(4, "", [pid 7161] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7159] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7163] <... openat resumed>) = 4 [pid 7159] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5869] getdents64(4, [pid 7159] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7159] <... futex resumed>) = 1 [pid 7163] ioctl(4, LOOP_SET_FD, 3 [pid 7159] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7158] <... futex resumed>) = 0 [pid 5869] getdents64(4, [pid 7158] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7158] <... futex resumed>) = 1 [pid 5869] close(4 [pid 7159] <... futex resumed>) = 0 [pid 7159] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7158] ???( [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./113/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./113") = 0 [pid 5869] mkdir("./114", 0777) = 0 [pid 7163] <... ioctl resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 7163] close(3) = 0 [ 466.795317][ T7161] loop0: detected capacity change from 0 to 4096 [ 466.834243][ T7163] loop3: detected capacity change from 0 to 4096 [pid 7163] close(4 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 7163] <... close resumed>) = 0 [pid 5869] close(3 [pid 7163] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7163] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7164 attached [pid 7164] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 236 [pid 7164] <... set_robust_list resumed>) = 0 [pid 7164] chdir("./114") = 0 [pid 7164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7164] setpgid(0, 0) = 0 [pid 7164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7164] write(3, "1000", 4) = 4 [pid 7164] close(3) = 0 [pid 7164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7164] write(1, "executing program\n", 18executing program ) = 18 [pid 7161] <... mount resumed>) = 0 [pid 7164] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7163] <... mount resumed>) = 0 [pid 7161] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7161] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7164] <... mmap resumed>) = 0x7f701fcf4000 [pid 7164] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7163] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7161] <... chdir resumed>) = 0 [pid 7164] <... mprotect resumed>) = 0 [pid 7163] <... openat resumed>) = 3 [pid 7161] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7164] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7163] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7161] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7164] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7163] <... chdir resumed>) = 0 [pid 7163] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7165 attached [pid 7163] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7161] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7164] <... clone3 resumed> => {parent_tid=[237]}, 88) = 237 [pid 7161] <... futex resumed>) = 1 [pid 7161] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7164] rt_sigprocmask(SIG_SETMASK, [], [pid 7163] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] <... futex resumed>) = 0 [pid 7164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7163] <... futex resumed>) = 1 [pid 7162] <... futex resumed>) = 0 [pid 7164] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7160] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7164] <... futex resumed>) = 0 [pid 7165] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7164] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7162] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] <... futex resumed>) = 0 [pid 7160] <... futex resumed>) = 1 [pid 7165] <... rseq resumed>) = 0 [pid 7162] <... futex resumed>) = 1 [pid 7161] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7160] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7163] <... futex resumed>) = 0 [pid 7165] set_robust_list(0x7f701fd149a0, 24 [pid 7163] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7162] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7165] <... set_robust_list resumed>) = 0 [pid 7165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7165] memfd_create("syzkaller", 0 [pid 7163] <... openat resumed>) = 4 [pid 7161] <... openat resumed>) = 4 [pid 7161] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7161] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7160] <... futex resumed>) = 0 [pid 7160] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... memfd_create resumed>) = 3 [pid 7163] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] <... futex resumed>) = 1 [pid 7161] <... futex resumed>) = 0 [pid 7161] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7163] <... futex resumed>) = 1 [pid 7162] <... futex resumed>) = 0 [pid 7160] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7163] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7162] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... mmap resumed>) = 0x7f7017800000 [pid 7162] <... futex resumed>) = 0 [pid 7161] <... openat resumed>) = 5 [pid 7162] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] <... openat resumed>) = 5 [pid 7161] <... futex resumed>) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7161] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7163] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] <... futex resumed>) = 1 [pid 7162] <... futex resumed>) = 0 [pid 7161] <... futex resumed>) = 0 [pid 7160] <... futex resumed>) = 1 [pid 7163] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7162] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7160] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7162] <... futex resumed>) = 0 [pid 7161] <... write resumed>) = 1116 [pid 7156] <... futex resumed>) = ? [pid 7163] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7162] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7163] <... write resumed>) = 1116 [pid 7161] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7160] <... futex resumed>) = 0 [pid 7160] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] +++ killed by SIGSEGV (core dumped) +++ [pid 7156] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=241, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7161] <... futex resumed>) = 0 [pid 7160] <... futex resumed>) = 1 [pid 7161] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7160] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... restart_syscall resumed>) = 0 [pid 7163] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7161] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] <... futex resumed>) = 1 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7162] <... futex resumed>) = 0 [pid 7161] <... futex resumed>) = 0 [pid 7160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7163] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7162] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7160] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 7163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7162] <... futex resumed>) = 0 [pid 7161] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7160] <... futex resumed>) = 0 [pid 5870] newfstatat(3, "", [pid 7163] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7162] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7163] <... mmap resumed>) = 0x200000000000 [pid 7161] <... futex resumed>) = 0 [pid 5870] getdents64(3, [pid 7161] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7163] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7160] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] <... futex resumed>) = 1 [pid 7160] <... futex resumed>) = 1 [pid 7162] <... futex resumed>) = 0 [pid 7163] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7162] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7163] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7162] <... futex resumed>) = 0 [pid 7163] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7162] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7161] <... futex resumed>) = 0 [pid 7163] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7161] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7163] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7163] <... futex resumed>) = 1 [pid 7162] <... futex resumed>) = 0 [pid 7158] <... ??? resumed>) = ? [pid 7162] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7162] <... futex resumed>) = 0 [pid 7159] +++ killed by SIGSEGV (core dumped) +++ [pid 7158] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=237, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5872] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7162] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7165] <... write resumed>) = 2097152 [pid 7165] munmap(0x7f7017800000, 138412032) = 0 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7165] close(3) = 0 [pid 7165] close(4) = 0 [pid 7165] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 467.368420][ T7165] loop2: detected capacity change from 0 to 4096 [pid 7165] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... umount2 resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... rmdir resumed>) = 0 [pid 5870] <... openat resumed>) = 4 [pid 5872] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./113/binderfs", [pid 5870] newfstatat(4, "", [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] unlink("./113/binderfs" [pid 5870] getdents64(4, [pid 5872] <... unlink resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(3, [pid 5870] getdents64(4, [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 5870] close(4 [pid 5872] <... close resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5872] rmdir("./113" [pid 5870] rmdir("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] <... rmdir resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5872] mkdir("./114", 0777 [pid 5870] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... mkdir resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] newfstatat(AT_FDCWD, "./113/binderfs", [pid 5872] <... openat resumed>) = 3 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5870] unlink("./113/binderfs" [pid 5872] <... ioctl resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 5872] close(3 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./113") = 0 [pid 5870] mkdir("./114", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7166 attached , child_tidptr=0x55557616a690) = 239 [pid 5870] <... close resumed>) = 0 [pid 7166] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7167 attached [pid 7166] chdir("./114") = 0 [pid 7167] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 243 [pid 7167] chdir("./114") = 0 [pid 7167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7167] setpgid(0, 0) = 0 [pid 7167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7167] write(3, "1000", 4) = 4 [pid 7167] close(3 [pid 7166] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7167] <... close resumed>) = 0 [pid 7166] <... prctl resumed>) = 0 [pid 7167] symlink("/dev/binderfs", "./binderfs" [pid 7166] setpgid(0, 0 [pid 7167] <... symlink resumed>) = 0 [pid 7167] write(1, "executing program\n", 18executing program [pid 7166] <... setpgid resumed>) = 0 [pid 7165] <... mount resumed>) = 0 [pid 7167] <... write resumed>) = 18 [pid 7166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7165] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7167] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7166] <... openat resumed>) = 3 [pid 7165] <... openat resumed>) = 3 [pid 7167] <... futex resumed>) = 0 [pid 7167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7167] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7167] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7166] write(3, "1000", 4 [pid 7165] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7167] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7168 attached => {parent_tid=[244]}, 88) = 244 [pid 7166] <... write resumed>) = 4 [pid 7165] <... chdir resumed>) = 0 [pid 7166] close(3 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7166] <... close resumed>) = 0 [pid 7165] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7168] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7166] symlink("/dev/binderfs", "./binderfs" [pid 7165] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7168] <... rseq resumed>) = 0 [pid 7167] rt_sigprocmask(SIG_SETMASK, [], [pid 7168] set_robust_list(0x7f701fd149a0, 24 [pid 7167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7166] <... symlink resumed>) = 0 [pid 7165] <... futex resumed>) = 1 [pid 7164] <... futex resumed>) = 0 [pid 7168] <... set_robust_list resumed>) = 0 [pid 7167] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7166] write(1, "executing program\n", 18 [pid 7168] rt_sigprocmask(SIG_SETMASK, [], [pid 7167] <... futex resumed>) = 0 [pid 7166] <... write resumed>) = 18 [pid 7165] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7164] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7166] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7164] <... futex resumed>) = 0 [pid 7165] <... openat resumed>) = 4 [pid 7167] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7168] memfd_create("syzkaller", 0) = 3 [pid 7166] <... futex resumed>) = 0 [pid 7165] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7164] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7165] <... futex resumed>) = 0 [pid 7168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7166] <... mmap resumed>) = 0x7f701fcf4000 [pid 7165] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7168] <... mmap resumed>) = 0x7f7017800000 [pid 7166] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7164] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7166] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7165] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7164] <... futex resumed>) = 0 [pid 7166] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7164] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7166] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7169 attached [pid 7165] <... openat resumed>) = 5 [pid 7160] <... futex resumed>) = ? [pid 7169] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7166] <... clone3 resumed> => {parent_tid=[240]}, 88) = 240 [pid 7169] <... rseq resumed>) = 0 [pid 7169] set_robust_list(0x7f701fd149a0, 24 [pid 7166] rt_sigprocmask(SIG_SETMASK, [], [pid 7165] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7169] <... set_robust_list resumed>) = 0 [pid 7166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7165] <... futex resumed>) = 1 [pid 7164] <... futex resumed>) = 0 [pid 7169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7169] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7166] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7164] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7161] +++ killed by SIGSEGV (core dumped) +++ [pid 7160] +++ killed by SIGSEGV (core dumped) +++ [pid 7166] <... futex resumed>) = 1 [pid 7164] <... futex resumed>) = 0 [pid 7165] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7166] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7164] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7169] <... futex resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=236, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 7169] memfd_create("syzkaller", 0 [pid 7165] <... write resumed>) = 1116 [pid 7169] <... memfd_create resumed>) = 3 [pid 7169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7165] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7169] <... mmap resumed>) = 0x7f7017800000 [pid 7165] <... futex resumed>) = 1 [pid 7164] <... futex resumed>) = 0 [pid 7164] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7164] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7165] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5868] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7165] <... mmap resumed>) = 0x200000000000 [pid 7162] <... futex resumed>) = ? [pid 7165] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(3, "", [pid 7165] <... futex resumed>) = 1 [pid 7164] <... futex resumed>) = 0 [pid 7164] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7165] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7164] <... futex resumed>) = 0 [pid 5868] getdents64(3, [pid 7165] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7164] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7165] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7163] +++ killed by SIGSEGV (core dumped) +++ [pid 7162] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7165] <... futex resumed>) = 1 [pid 7164] <... futex resumed>) = 0 [pid 7165] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7164] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=238, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 7165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7164] <... futex resumed>) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7164] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7165] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7168] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7169] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7168] <... write resumed>) = 2097152 [pid 5868] <... umount2 resumed>) = 0 [pid 7168] munmap(0x7f7017800000, 138412032) = 0 [pid 7168] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7168] ioctl(4, LOOP_SET_FD, 3 [pid 5868] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7169] <... write resumed>) = 2097152 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7168] <... ioctl resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 7168] close(3 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7168] <... close resumed>) = 0 [pid 7168] close(4 [pid 5868] getdents64(4, [pid 7168] <... close resumed>) = 0 [pid 7168] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7168] <... mkdir resumed>) = 0 [pid 5868] close(4 [pid 7168] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x31\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./113/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./113") = 0 [pid 7169] munmap(0x7f7017800000, 138412032 [pid 5868] mkdir("./114", 0777 [pid 7164] <... futex resumed>) = ? [pid 5868] <... mkdir resumed>) = 0 [ 467.865659][ T7168] loop1: detected capacity change from 0 to 4096 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7165] +++ killed by SIGSEGV (core dumped) +++ [pid 7164] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=236, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 7169] <... munmap resumed>) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7169] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7169] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7170 attached [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7170] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7170] chdir("./114" [pid 5871] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 238 [pid 7170] <... chdir resumed>) = 0 [pid 7170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7170] setpgid(0, 0) = 0 [pid 7170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7170] <... openat resumed>) = 3 [pid 7170] write(3, "1000", 4 [pid 5871] <... openat resumed>) = 4 [pid 7170] <... write resumed>) = 4 [pid 5871] newfstatat(4, "", [pid 7170] close(3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7170] <... close resumed>) = 0 [pid 7170] symlink("/dev/binderfs", "./binderfs" [pid 5871] getdents64(4, [pid 7170] <... symlink resumed>) = 0 executing program [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7170] write(1, "executing program\n", 18 [pid 5871] getdents64(4, [pid 7170] <... write resumed>) = 18 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7170] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7169] <... ioctl resumed>) = 0 [pid 5871] close(4 [pid 7170] <... futex resumed>) = 0 [pid 7169] close(3 [pid 5871] <... close resumed>) = 0 [pid 7170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7169] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7170] <... mmap resumed>) = 0x7f701fcf4000 [pid 7169] close(4 [pid 5871] <... rmdir resumed>) = 0 [pid 7169] <... close resumed>) = 0 [pid 7170] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7169] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7170] <... mprotect resumed>) = 0 [pid 7169] <... mkdir resumed>) = 0 [pid 7170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7169] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7171 attached => {parent_tid=[239]}, 88) = 239 [ 467.968241][ T7169] loop4: detected capacity change from 0 to 4096 [pid 7171] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7170] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7171] <... rseq resumed>) = 0 [pid 7171] set_robust_list(0x7f701fd149a0, 24 [pid 7170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7171] <... set_robust_list resumed>) = 0 [pid 7170] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] newfstatat(AT_FDCWD, "./114/binderfs", [pid 7171] rt_sigprocmask(SIG_SETMASK, [], [pid 7170] <... futex resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7171] memfd_create("syzkaller", 0 [pid 7170] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] unlink("./114/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 7171] <... memfd_create resumed>) = 3 [pid 7168] <... mount resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 7168] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] rmdir("./114" [pid 7171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7168] <... openat resumed>) = 3 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] mkdir("./115", 0777 [pid 7171] <... mmap resumed>) = 0x7f7017800000 [pid 7168] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5871] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7168] <... chdir resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7168] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... ioctl resumed>) = 0 [pid 5871] close(3 [pid 7168] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] <... umount2 resumed>) = 0 [pid 7168] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7168] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7167] <... futex resumed>) = 0 [pid 7167] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7168] <... futex resumed>) = 0 [pid 7167] <... futex resumed>) = 1 [pid 7168] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7167] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./114/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./114") = 0 [pid 5869] mkdir("./115", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7168] <... openat resumed>) = 4 [pid 7168] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 7168] <... futex resumed>) = 1 [pid 7167] <... futex resumed>) = 0 [pid 7167] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7168] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7167] <... futex resumed>) = 0 [pid 7167] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7168] <... openat resumed>) = 5 [pid 7168] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7168] <... futex resumed>) = 1 [pid 7167] <... futex resumed>) = 0 [pid 7168] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7167] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7168] <... write resumed>) = 1116 [pid 7167] <... futex resumed>) = 0 [pid 7167] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7168] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7167] <... futex resumed>) = 0 [pid 7167] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7168] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7167] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7171] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7168] <... mmap resumed>) = 0x200000000000 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 240 ./strace-static-x86_64: Process 7172 attached [pid 7168] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7172] set_robust_list(0x55557616a6a0, 24 [pid 7168] <... futex resumed>) = 1 [pid 7167] <... futex resumed>) = 0 [pid 7167] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7167] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7168] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7168] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7167] <... futex resumed>) = 0 [pid 7167] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7167] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7168] <... futex resumed>) = 1 [pid 7168] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7172] <... set_robust_list resumed>) = 0 [pid 7172] chdir("./115") = 0 [pid 7172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7172] setpgid(0, 0) = 0 [pid 7172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7172] write(3, "1000", 4) = 4 [pid 7172] close(3 [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7173 attached [pid 7172] <... close resumed>) = 0 [pid 7173] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7173] chdir("./115" [pid 7172] symlink("/dev/binderfs", "./binderfs" [pid 7173] <... chdir resumed>) = 0 [pid 7173] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 7172] <... symlink resumed>) = 0 [pid 7172] write(1, "executing program\n", 18 [pid 7173] setpgid(0, 0 [pid 7172] <... write resumed>) = 18 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 238 [pid 7172] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7172] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7173] <... setpgid resumed>) = 0 [pid 7172] <... mprotect resumed>) = 0 [pid 7173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7172] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7173] write(3, "1000", 4) = 4 [pid 7173] close(3) = 0 [pid 7172] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7173] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7173] write(1, "executing program\n", 18) = 18 [pid 7173] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7173] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7173] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7173] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7172] <... clone3 resumed> => {parent_tid=[241]}, 88) = 241 [pid 7173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7172] rt_sigprocmask(SIG_SETMASK, [], [pid 7173] <... clone3 resumed> => {parent_tid=[239]}, 88) = 239 [pid 7172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7173] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7173] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7175 attached [pid 7175] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7172] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7175] <... rseq resumed>) = 0 [pid 7175] set_robust_list(0x7f701fd149a0, 24 [pid 7172] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7174 attached [pid 7175] <... set_robust_list resumed>) = 0 [pid 7172] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7169] <... mount resumed>) = 0 [pid 7175] rt_sigprocmask(SIG_SETMASK, [], [pid 7169] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7174] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7174] <... rseq resumed>) = 0 [pid 7171] <... write resumed>) = 2097152 [pid 7169] <... openat resumed>) = 3 [pid 7175] memfd_create("syzkaller", 0 [pid 7174] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7174] rt_sigprocmask(SIG_SETMASK, [], [pid 7169] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7171] munmap(0x7f7017800000, 138412032 [pid 7174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7171] <... munmap resumed>) = 0 [pid 7169] <... chdir resumed>) = 0 [pid 7175] <... memfd_create resumed>) = 3 [pid 7174] memfd_create("syzkaller", 0 [pid 7169] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7169] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7175] <... mmap resumed>) = 0x7f7017800000 [pid 7174] <... memfd_create resumed>) = 3 [pid 7169] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7169] <... futex resumed>) = 1 [pid 7174] <... mmap resumed>) = 0x7f7017800000 [pid 7169] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7166] <... futex resumed>) = 0 [pid 7166] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7169] <... futex resumed>) = 0 [pid 7166] <... futex resumed>) = 1 [pid 7169] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7171] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7169] <... openat resumed>) = 4 [pid 7166] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7171] <... openat resumed>) = 4 [pid 7171] ioctl(4, LOOP_SET_FD, 3 [pid 7169] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7166] <... futex resumed>) = 0 [pid 7169] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7166] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7166] <... futex resumed>) = 0 [pid 7169] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7166] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7169] <... openat resumed>) = 5 [pid 7169] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7166] <... futex resumed>) = 0 [pid 7166] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7166] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7169] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7169] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7171] <... ioctl resumed>) = 0 [pid 7171] close(3) = 0 [pid 7171] close(4) = 0 [pid 7171] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7169] <... futex resumed>) = 1 [pid 7166] <... futex resumed>) = 0 [pid 7169] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7166] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7166] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7169] <... mmap resumed>) = 0x200000000000 [ 468.318965][ T7171] loop0: detected capacity change from 0 to 4096 [pid 7171] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7169] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7166] <... futex resumed>) = 0 [pid 7166] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7175] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7174] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7169] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7166] <... futex resumed>) = 0 [pid 7169] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7166] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7169] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7166] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7169] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7175] <... write resumed>) = 2097152 [pid 7175] munmap(0x7f7017800000, 138412032) = 0 [pid 7174] <... write resumed>) = 2097152 [pid 7174] munmap(0x7f7017800000, 138412032 [pid 7175] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7174] <... munmap resumed>) = 0 [pid 7175] <... openat resumed>) = 4 [pid 7175] ioctl(4, LOOP_SET_FD, 3 [pid 7174] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7174] close(3) = 0 [pid 7174] close(4) = 0 [pid 7174] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7167] <... futex resumed>) = ? [pid 7175] <... ioctl resumed>) = 0 [pid 7174] <... mkdir resumed>) = 0 [pid 7175] close(3 [pid 7174] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7175] <... close resumed>) = 0 [pid 7168] +++ killed by SIGSEGV (core dumped) +++ [pid 7167] +++ killed by SIGSEGV (core dumped) +++ [pid 7175] close(4 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=243, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 7175] <... close resumed>) = 0 [pid 7175] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5870] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7175] <... mkdir resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 468.503461][ T7175] loop2: detected capacity change from 0 to 4096 [ 468.513499][ T7174] loop3: detected capacity change from 0 to 4096 [pid 7175] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7171] <... mount resumed>) = 0 [pid 7171] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7171] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7171] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7171] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7170] <... futex resumed>) = 0 [pid 7170] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7171] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7170] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7171] <... openat resumed>) = 4 [pid 7171] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7170] <... futex resumed>) = 0 [pid 7170] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7170] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7171] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7171] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7170] <... futex resumed>) = 0 [pid 7170] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7171] <... futex resumed>) = 1 [pid 7170] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7166] <... futex resumed>) = ? [pid 7171] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7171] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7170] <... futex resumed>) = 0 [pid 7170] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7170] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7171] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7169] +++ killed by SIGSEGV (core dumped) +++ [pid 7166] +++ killed by SIGSEGV (core dumped) +++ [pid 7171] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7170] <... futex resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=239, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 7170] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 7170] <... futex resumed>) = 0 [pid 7171] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7170] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7171] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7171] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... restart_syscall resumed>) = 0 [pid 7171] <... futex resumed>) = 1 [pid 7170] <... futex resumed>) = 0 [pid 7170] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7171] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7170] <... futex resumed>) = 0 [pid 7175] <... mount resumed>) = 0 [pid 5872] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", [pid 7175] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7174] <... mount resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7175] <... openat resumed>) = 3 [pid 7174] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7175] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7174] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7175] <... chdir resumed>) = 0 [pid 7174] <... chdir resumed>) = 0 [pid 7175] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7174] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7175] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7174] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7175] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7172] <... futex resumed>) = 0 [pid 7175] <... futex resumed>) = 1 [pid 7173] <... futex resumed>) = 0 [pid 7173] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7173] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7172] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7175] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7172] <... futex resumed>) = 0 [pid 7172] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7174] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] <... umount2 resumed>) = 0 [pid 7175] <... openat resumed>) = 4 [pid 7175] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] <... openat resumed>) = 4 [pid 7173] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7173] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7173] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7175] <... futex resumed>) = 1 [pid 7174] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7173] <... futex resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7173] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 7175] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7174] <... futex resumed>) = 0 [pid 7172] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7174] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7175] <... openat resumed>) = 5 [pid 7174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7172] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7174] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7172] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7172] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7175] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7174] <... openat resumed>) = 5 [pid 7173] <... futex resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7175] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7174] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7173] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] <... futex resumed>) = 1 [pid 7173] <... futex resumed>) = 0 [pid 7172] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7174] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7173] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7172] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7175] <... write resumed>) = 1116 [pid 7174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7172] <... futex resumed>) = 0 [pid 7175] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7172] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... openat resumed>) = 4 [pid 7175] <... futex resumed>) = 1 [pid 7173] <... futex resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 7173] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] <... write resumed>) = 1116 [pid 7173] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7175] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7173] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7175] <... mmap resumed>) = 0x200000000000 [pid 5870] getdents64(4, [pid 7175] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7175] <... futex resumed>) = 1 [pid 7174] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7173] <... futex resumed>) = 0 [pid 5870] getdents64(4, [pid 7173] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7173] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7175] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7174] <... futex resumed>) = 1 [pid 7172] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7175] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7175] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7173] <... futex resumed>) = 0 [pid 7172] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(4 [pid 7173] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7175] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7174] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7172] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7172] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] rmdir("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7174] <... mmap resumed>) = 0x200000000000 [pid 5870] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7174] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7174] <... futex resumed>) = 1 [pid 7172] <... futex resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./114/binderfs", [pid 7174] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7172] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7172] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7174] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7172] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] unlink("./114/binderfs" [pid 7174] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] <... unlink resumed>) = 0 [pid 7174] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7174] <... futex resumed>) = 1 [pid 7172] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7172] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] close(3 [pid 7172] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./114") = 0 [pid 5870] mkdir("./115", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7174] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5870] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./114/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./114") = 0 [pid 5872] mkdir("./115", 0777 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7176 attached [pid 5872] <... mkdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 245 [pid 7176] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... openat resumed>) = 3 [pid 7176] <... set_robust_list resumed>) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 7176] chdir("./115" [pid 5872] <... ioctl resumed>) = 0 [pid 7176] <... chdir resumed>) = 0 [pid 5872] close(3 [pid 7176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7176] setpgid(0, 0) = 0 [pid 7176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7176] write(3, "1000", 4 [pid 5872] <... close resumed>) = 0 [pid 7176] <... write resumed>) = 4 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7176] close(3) = 0 [pid 7176] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 7177 attached ) = 0 [pid 7177] set_robust_list(0x55557616a6a0, 24 executing program [pid 7176] write(1, "executing program\n", 18 [pid 7177] <... set_robust_list resumed>) = 0 [pid 7176] <... write resumed>) = 18 [pid 7177] chdir("./115" [pid 7176] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] <... chdir resumed>) = 0 [pid 7176] <... futex resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 241 [pid 7176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7177] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7176] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7177] <... prctl resumed>) = 0 [pid 7176] <... mprotect resumed>) = 0 [pid 7177] setpgid(0, 0 [pid 7176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7177] <... setpgid resumed>) = 0 [pid 7176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 7178 attached ) = 3 [pid 7176] <... clone3 resumed> => {parent_tid=[246]}, 88) = 246 [pid 7178] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7176] rt_sigprocmask(SIG_SETMASK, [], [pid 7178] <... rseq resumed>) = 0 [pid 7176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7178] set_robust_list(0x7f701fd149a0, 24 [pid 7176] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7178] <... set_robust_list resumed>) = 0 [pid 7176] <... futex resumed>) = 0 [pid 7178] rt_sigprocmask(SIG_SETMASK, [], [pid 7177] write(3, "1000", 4 [pid 7176] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7177] <... write resumed>) = 4 [pid 7178] memfd_create("syzkaller", 0 [pid 7177] close(3) = 0 [pid 7178] <... memfd_create resumed>) = 3 [pid 7177] symlink("/dev/binderfs", "./binderfs" [pid 7178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7177] <... symlink resumed>) = 0 executing program [pid 7178] <... mmap resumed>) = 0x7f7017800000 [pid 7177] write(1, "executing program\n", 18) = 18 [pid 7177] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7177] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7179 attached [pid 7179] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7179] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7179] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7177] <... clone3 resumed> => {parent_tid=[242]}, 88) = 242 [pid 7177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7177] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7179] <... futex resumed>) = 0 [pid 7179] memfd_create("syzkaller", 0 [pid 7177] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7171] +++ killed by SIGSEGV (core dumped) +++ [pid 7170] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=238, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7179] <... memfd_create resumed>) = 3 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7179] <... mmap resumed>) = 0x7f7017800000 [pid 5868] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", [pid 7178] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7179] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7173] <... futex resumed>) = ? [pid 7175] +++ killed by SIGSEGV (core dumped) +++ [pid 7173] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=238, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7178] <... write resumed>) = 2097152 [pid 7178] munmap(0x7f7017800000, 138412032) = 0 [pid 7172] <... futex resumed>) = ? [pid 7178] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7179] <... write resumed>) = 2097152 [pid 7178] <... openat resumed>) = 4 [pid 7179] munmap(0x7f7017800000, 138412032 [pid 7178] ioctl(4, LOOP_SET_FD, 3 [pid 7174] +++ killed by SIGSEGV (core dumped) +++ [pid 7172] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... umount2 resumed>) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=240, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7178] <... ioctl resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7178] close(3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7178] <... close resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7178] close(4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7178] <... close resumed>) = 0 [pid 7178] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5868] umount2("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7179] <... munmap resumed>) = 0 [pid 7178] <... mkdir resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7178] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7179] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 469.298485][ T7178] loop1: detected capacity change from 0 to 4096 [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", [pid 7179] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] getdents64(4, [pid 5869] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7179] <... ioctl resumed>) = 0 [pid 5868] getdents64(4, [pid 7179] close(3 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7179] <... close resumed>) = 0 [pid 5868] close(4 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 7179] close(4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] rmdir("\x2e\x2f\x31\x31\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7179] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... openat resumed>) = 4 [pid 5868] newfstatat(AT_FDCWD, "./114/binderfs", [pid 7179] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5869] newfstatat(4, "", [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 469.344175][ T7179] loop4: detected capacity change from 0 to 4096 [pid 7179] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] unlink("./114/binderfs" [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... unlink resumed>) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] getdents64(3, [pid 5869] close(4 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] close(3 [pid 5869] rmdir("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... close resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] rmdir("./114" [pid 5869] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] <... rmdir resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "./115/binderfs", [pid 5868] mkdir("./115", 0777 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5869] unlink("./115/binderfs" [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] getdents64(3, [pid 5868] <... ioctl resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3 [pid 5871] <... umount2 resumed>) = 0 [pid 5869] close(3 [pid 5871] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("./115" [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./116", 0777 [pid 5871] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5871] unlink("./115/binderfs") = 0 [pid 7178] <... mount resumed>) = 0 [pid 7178] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7178] <... openat resumed>) = 3 [pid 5871] close(3) = 0 [pid 7178] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5871] rmdir("./115" [pid 7178] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... rmdir resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5871] mkdir("./116", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7178] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] <... openat resumed>) = 3 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7178] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7176] <... futex resumed>) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3./strace-static-x86_64: Process 7180 attached [pid 7176] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] set_robust_list(0x55557616a6a0, 24 [pid 7176] <... futex resumed>) = 0 [pid 7180] <... set_robust_list resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 240 [pid 7176] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7178] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7180] chdir("./115" [pid 5869] <... close resumed>) = 0 [pid 7180] <... chdir resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7180] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7178] <... openat resumed>) = 4 ./strace-static-x86_64: Process 7181 attached [pid 7180] <... prctl resumed>) = 0 [pid 7178] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] setpgid(0, 0 [pid 7178] <... futex resumed>) = 1 [pid 7176] <... futex resumed>) = 0 [pid 7181] set_robust_list(0x55557616a6a0, 24 [pid 7176] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7179] <... mount resumed>) = 0 [pid 7179] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7179] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7181] <... set_robust_list resumed>) = 0 [pid 7180] <... setpgid resumed>) = 0 [pid 7179] <... chdir resumed>) = 0 [pid 7178] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7176] <... futex resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 240 [pid 7181] chdir("./116" [pid 7179] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7181] <... chdir resumed>) = 0 [pid 7180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7179] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7176] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7180] <... openat resumed>) = 3 [pid 7181] <... prctl resumed>) = 0 [pid 7180] write(3, "1000", 4 [pid 7179] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7178] <... openat resumed>) = 5 [pid 7181] setpgid(0, 0 [pid 7180] <... write resumed>) = 4 [pid 7178] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... setpgid resumed>) = 0 [pid 7180] close(3 [pid 7179] <... futex resumed>) = 1 [pid 7178] <... futex resumed>) = 1 [pid 7177] <... futex resumed>) = 0 [pid 7176] <... futex resumed>) = 0 [pid 7177] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7176] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] <... close resumed>) = 0 [pid 7176] <... futex resumed>) = 0 [pid 7177] <... futex resumed>) = 0 executing program [pid 7181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7180] symlink("/dev/binderfs", "./binderfs" [pid 7179] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7178] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7177] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7176] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7180] <... symlink resumed>) = 0 [pid 7178] <... write resumed>) = 1116 [pid 7180] write(1, "executing program\n", 18 [pid 7178] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] <... write resumed>) = 18 [pid 7178] <... futex resumed>) = 1 [pid 7176] <... futex resumed>) = 0 [pid 7176] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7179] <... openat resumed>) = 4 [pid 7178] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7176] <... futex resumed>) = 0 [pid 7180] <... futex resumed>) = 0 [pid 7176] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] <... openat resumed>) = 3 [pid 7180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7179] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7178] <... mmap resumed>) = 0x200000000000 [pid 7179] <... futex resumed>) = 1 [pid 7178] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] <... futex resumed>) = 0 [pid 7181] write(3, "1000", 4 [pid 7180] <... mmap resumed>) = 0x7f701fcf4000 [pid 7177] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7178] <... futex resumed>) = 1 [pid 7176] <... futex resumed>) = 0 [pid 7181] <... write resumed>) = 4 [pid 7180] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7177] <... futex resumed>) = 0 [pid 7176] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7178] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7181] close(3 [pid 7180] <... mprotect resumed>) = 0 [pid 7179] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7178] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7177] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7176] <... futex resumed>) = 0 [pid 7180] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7179] <... openat resumed>) = 5 [pid 7178] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... close resumed>) = 0 [pid 7176] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] symlink("/dev/binderfs", "./binderfs" [pid 7180] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7178] <... futex resumed>) = 0 [pid 7176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7178] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7176] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... symlink resumed>) = 0 [pid 7179] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7176] <... futex resumed>) = 0 [pid 7179] <... futex resumed>) = 1 [pid 7177] <... futex resumed>) = 0 [pid 7179] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7177] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7179] <... write resumed>) = 1116 [pid 7177] <... futex resumed>) = 0 [pid 7179] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7179] <... futex resumed>) = 0 [pid 7177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7179] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7177] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7179] <... mmap resumed>) = 0x200000000000 [pid 7177] <... futex resumed>) = 0 [pid 7177] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 7179] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 ./strace-static-x86_64: Process 7182 attached [pid 7181] write(1, "executing program\n", 18 [pid 7180] <... clone3 resumed> => {parent_tid=[241]}, 88) = 241 [pid 7179] <... futex resumed>) = 1 [pid 7178] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7177] <... futex resumed>) = 0 [pid 7176] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7182] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7181] <... write resumed>) = 18 [pid 7180] rt_sigprocmask(SIG_SETMASK, [], [pid 7177] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7177] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7182] <... rseq resumed>) = 0 [pid 7180] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7182] set_robust_list(0x7f701fd149a0, 24 [pid 7181] <... futex resumed>) = 0 [pid 7182] <... set_robust_list resumed>) = 0 [pid 7180] <... futex resumed>) = 0 [pid 7181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7182] rt_sigprocmask(SIG_SETMASK, [], [pid 7180] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7181] <... mmap resumed>) = 0x7f701fcf4000 [pid 7182] memfd_create("syzkaller", 0 [pid 7181] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7179] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7182] <... memfd_create resumed>) = 3 [pid 7182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7181] <... mprotect resumed>) = 0 [pid 7179] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7183 attached [pid 7182] <... mmap resumed>) = 0x7f7017800000 [pid 7181] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7179] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7179] <... futex resumed>) = 1 [pid 7177] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7184 attached [pid 7177] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7184] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7183] set_robust_list(0x55557616a6a0, 24 [pid 7181] <... clone3 resumed> => {parent_tid=[241]}, 88) = 241 [pid 7179] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7177] <... futex resumed>) = 0 [pid 7184] <... rseq resumed>) = 0 [pid 7183] <... set_robust_list resumed>) = 0 [pid 7181] rt_sigprocmask(SIG_SETMASK, [], [pid 7177] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7184] set_robust_list(0x7f701fd149a0, 24 [pid 7181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7184] <... set_robust_list resumed>) = 0 [pid 7183] chdir("./116" [pid 7181] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7184] rt_sigprocmask(SIG_SETMASK, [], [pid 7183] <... chdir resumed>) = 0 [pid 7181] <... futex resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 242 [pid 7184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7183] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7181] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7184] memfd_create("syzkaller", 0 [pid 7183] <... prctl resumed>) = 0 [pid 7183] setpgid(0, 0) = 0 [pid 7184] <... memfd_create resumed>) = 3 [pid 7183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7183] <... openat resumed>) = 3 [pid 7184] <... mmap resumed>) = 0x7f7017800000 [pid 7183] write(3, "1000", 4) = 4 [pid 7183] close(3) = 0 executing program [pid 7183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7183] write(1, "executing program\n", 18) = 18 [pid 7183] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7183] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[243]}, 88) = 243 ./strace-static-x86_64: Process 7185 attached [pid 7183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7183] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7183] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7185] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7185] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7185] memfd_create("syzkaller", 0) = 3 [pid 7185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7182] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7184] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7182] <... write resumed>) = 2097152 [pid 7185] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7182] munmap(0x7f7017800000, 138412032) = 0 [pid 7182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7182] ioctl(4, LOOP_SET_FD, 3 [pid 7184] <... write resumed>) = 2097152 [pid 7184] munmap(0x7f7017800000, 138412032 [pid 7185] <... write resumed>) = 2097152 [pid 7184] <... munmap resumed>) = 0 [pid 7185] munmap(0x7f7017800000, 138412032 [pid 7184] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7182] <... ioctl resumed>) = 0 [pid 7185] <... munmap resumed>) = 0 [pid 7184] <... openat resumed>) = 4 [pid 7182] close(3 [pid 7184] ioctl(4, LOOP_SET_FD, 3 [pid 7182] <... close resumed>) = 0 [ 469.852638][ T7182] loop0: detected capacity change from 0 to 4096 [pid 7182] close(4 [pid 7185] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7182] <... close resumed>) = 0 [pid 7182] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7184] <... ioctl resumed>) = 0 [pid 7182] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7184] close(3 [pid 7185] <... openat resumed>) = 4 [pid 7184] <... close resumed>) = 0 [pid 7176] <... futex resumed>) = ? [pid 7184] close(4 [pid 7178] +++ killed by SIGSEGV (core dumped) +++ [pid 7177] <... futex resumed>) = ? [pid 7176] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=245, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 7185] ioctl(4, LOOP_SET_FD, 3 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7184] <... close resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7184] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5870] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7184] <... mkdir resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7184] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7179] +++ killed by SIGSEGV (core dumped) +++ [pid 7177] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=241, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 7185] <... ioctl resumed>) = 0 [pid 7185] close(3 [ 469.896762][ T7184] loop2: detected capacity change from 0 to 4096 [ 469.935650][ T7185] loop3: detected capacity change from 0 to 4096 [pid 5872] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7185] <... close resumed>) = 0 [pid 7185] close(4) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7185] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7185] <... mkdir resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 7185] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7182] <... mount resumed>) = 0 [pid 7182] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7182] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7182] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7180] <... futex resumed>) = 0 [pid 7182] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7180] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7180] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7182] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7185] <... mount resumed>) = 0 [pid 7184] <... mount resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 7182] <... openat resumed>) = 4 [pid 7182] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7185] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7184] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7182] <... futex resumed>) = 1 [pid 7180] <... futex resumed>) = 0 [pid 7185] <... openat resumed>) = 3 [pid 7184] <... openat resumed>) = 3 [pid 7180] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7185] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7184] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7180] <... futex resumed>) = 0 [pid 7185] <... chdir resumed>) = 0 [pid 7184] <... chdir resumed>) = 0 [pid 7182] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7180] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7184] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7182] <... openat resumed>) = 5 [pid 5870] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7185] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7184] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7185] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7184] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7181] <... futex resumed>) = 0 [pid 7184] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7181] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7182] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... futex resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7182] <... futex resumed>) = 1 [pid 7181] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7180] <... futex resumed>) = 0 [pid 7185] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7182] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7180] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7180] <... futex resumed>) = 0 [pid 7185] <... futex resumed>) = 1 [pid 7183] <... futex resumed>) = 0 [pid 7180] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7183] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7183] <... futex resumed>) = 0 [pid 7183] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7182] <... write resumed>) = 1116 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7182] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7182] <... futex resumed>) = 1 [pid 7180] <... futex resumed>) = 0 [pid 7185] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7182] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7180] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 4 [pid 7184] <... openat resumed>) = 4 [pid 7182] <... mmap resumed>) = 0x200000000000 [pid 7180] <... futex resumed>) = 0 [pid 7182] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... umount2 resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 7182] <... futex resumed>) = 0 [pid 7180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7180] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7180] <... futex resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7180] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7184] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7184] <... futex resumed>) = 1 [pid 7182] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7181] <... futex resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] getdents64(4, [pid 7184] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7182] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7181] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7184] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7182] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... futex resumed>) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] getdents64(4, [pid 7185] <... openat resumed>) = 4 [pid 7184] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7182] <... futex resumed>) = 1 [pid 7181] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7180] <... futex resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7185] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7184] <... futex resumed>) = 0 [pid 7181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7180] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] newfstatat(4, "", [pid 5870] close(4 [pid 7185] <... futex resumed>) = 1 [pid 7184] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7183] <... futex resumed>) = 0 [pid 7182] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7181] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... close resumed>) = 0 [pid 7185] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7183] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... futex resumed>) = 0 [pid 7180] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] getdents64(4, [pid 5870] rmdir("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7183] <... futex resumed>) = 0 [pid 7185] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7184] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7183] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7184] <... write resumed>) = 1116 [pid 7181] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] <... rmdir resumed>) = 0 [pid 5872] getdents64(4, [pid 5870] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 7185] <... openat resumed>) = 5 [pid 7184] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... close resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7184] <... futex resumed>) = 1 [pid 5872] rmdir("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7181] <... futex resumed>) = 0 [pid 7184] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... rmdir resumed>) = 0 [pid 7181] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7184] <... futex resumed>) = 0 [pid 7181] <... futex resumed>) = 1 [pid 7184] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7181] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7184] <... mmap resumed>) = 0x200000000000 [pid 7185] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7184] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] newfstatat(AT_FDCWD, "./115/binderfs", [pid 7185] <... futex resumed>) = 1 [pid 7183] <... futex resumed>) = 0 [pid 7185] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7184] <... futex resumed>) = 1 [pid 7183] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... futex resumed>) = 0 [pid 7185] <... write resumed>) = 1116 [pid 7184] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7183] <... futex resumed>) = 0 [pid 7181] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7183] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] unlink("./115/binderfs" [pid 7184] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7185] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7184] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7185] <... futex resumed>) = 1 [pid 7184] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7183] <... futex resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "./115/binderfs", [pid 5870] <... unlink resumed>) = 0 [pid 7185] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7184] <... futex resumed>) = 0 [pid 7183] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7185] <... mmap resumed>) = 0x200000000000 [pid 7184] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7183] <... futex resumed>) = 0 [pid 7181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7184] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7183] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7181] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] getdents64(3, [pid 7185] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7184] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7181] <... futex resumed>) = 0 [pid 5872] unlink("./115/binderfs" [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7185] <... futex resumed>) = 0 [pid 5870] close(3 [pid 7185] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7183] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7185] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7183] <... futex resumed>) = 0 [pid 7185] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7183] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7185] <... futex resumed>) = 0 [pid 7183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7185] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7183] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... unlink resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] rmdir("./115" [pid 5872] close(3 [pid 5870] <... rmdir resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5870] mkdir("./116", 0777) = 0 [pid 5872] rmdir("./115") = 0 [pid 5872] mkdir("./116", 0777 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] <... mkdir resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] <... openat resumed>) = 3 [pid 5872] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5870] <... ioctl resumed>) = 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 5872] close(3 [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... close resumed>) = 0 ./strace-static-x86_64: Process 7186 attached [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 247 ./strace-static-x86_64: Process 7187 attached [pid 7186] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 243 [pid 7187] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7187] chdir("./116") = 0 [pid 7186] chdir("./116") = 0 [pid 7186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7186] setpgid(0, 0 [pid 7187] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7186] <... setpgid resumed>) = 0 [pid 7187] <... prctl resumed>) = 0 [pid 7187] setpgid(0, 0) = 0 [pid 7187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7187] <... openat resumed>) = 3 [pid 7187] write(3, "1000", 4 [pid 7186] <... openat resumed>) = 3 [pid 7187] <... write resumed>) = 4 [pid 7187] close(3 [pid 7186] write(3, "1000", 4 [pid 7187] <... close resumed>) = 0 [pid 7187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7186] <... write resumed>) = 4 executing program [pid 7187] write(1, "executing program\n", 18 [pid 7186] close(3 [pid 7187] <... write resumed>) = 18 [pid 7186] <... close resumed>) = 0 [pid 7187] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7186] symlink("/dev/binderfs", "./binderfs" [pid 7187] <... futex resumed>) = 0 [pid 7187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program ) = 0x7f701fcf4000 [pid 7186] <... symlink resumed>) = 0 [pid 7187] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7186] write(1, "executing program\n", 18 [pid 7187] <... mprotect resumed>) = 0 [pid 7187] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7186] <... write resumed>) = 18 [pid 7186] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7187] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7187] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[244]}, 88) = 244 [pid 7187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7187] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7187] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7188 attached [pid 7188] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7186] <... futex resumed>) = 0 [pid 7188] <... rseq resumed>) = 0 [pid 7188] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7188] memfd_create("syzkaller", 0 [pid 7186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7186] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7188] <... memfd_create resumed>) = 3 [pid 7188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7186] <... mprotect resumed>) = 0 [pid 7188] <... mmap resumed>) = 0x7f7017800000 [pid 7186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7189 attached => {parent_tid=[248]}, 88) = 248 [pid 7186] rt_sigprocmask(SIG_SETMASK, [], [pid 7189] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7189] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7189] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7186] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7189] <... futex resumed>) = 0 [pid 7186] <... futex resumed>) = 1 [pid 7186] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7189] memfd_create("syzkaller", 0) = 3 [pid 7189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7188] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 7188] munmap(0x7f7017800000, 138412032) = 0 [pid 7189] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7188] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7188] ioctl(4, LOOP_SET_FD, 3 [pid 7180] <... futex resumed>) = ? [pid 7184] +++ killed by SIGSEGV (core dumped) +++ [pid 7188] <... ioctl resumed>) = 0 [pid 7188] close(3) = 0 [pid 7188] close(4) = 0 [pid 7181] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=240, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7188] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] <... restart_syscall resumed>) = 0 [pid 7188] <... mkdir resumed>) = 0 [pid 7188] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [ 470.586111][ T7188] loop4: detected capacity change from 0 to 4096 [pid 7182] +++ killed by SIGSEGV (core dumped) +++ [pid 7180] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] getdents64(3, [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=240, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5869] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7189] <... write resumed>) = 2097152 [pid 7189] munmap(0x7f7017800000, 138412032 [pid 7183] <... futex resumed>) = ? [pid 7188] <... mount resumed>) = 0 [pid 7189] <... munmap resumed>) = 0 [pid 7188] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7189] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7188] <... openat resumed>) = 3 [pid 7188] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7185] +++ killed by SIGSEGV (core dumped) +++ [pid 7183] +++ killed by SIGSEGV (core dumped) +++ [pid 7188] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=242, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- [pid 7189] <... openat resumed>) = 4 [pid 7188] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7189] ioctl(4, LOOP_SET_FD, 3 [pid 7188] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] <... futex resumed>) = 0 [pid 7187] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7187] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7188] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7188] <... openat resumed>) = 4 [pid 7188] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] <... futex resumed>) = 0 [pid 7187] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7187] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7188] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7189] <... ioctl resumed>) = 0 [pid 7188] <... openat resumed>) = 5 [pid 7189] close(3 [pid 5868] <... umount2 resumed>) = 0 [pid 7189] <... close resumed>) = 0 [pid 7189] close(4) = 0 [pid 7188] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7187] <... futex resumed>) = 0 [pid 7187] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7187] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7189] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7188] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7189] <... mkdir resumed>) = 0 [pid 7188] <... write resumed>) = 1116 [pid 7189] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7188] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7188] <... futex resumed>) = 1 [pid 7187] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7187] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7187] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7188] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7187] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] umount2("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7188] <... mmap resumed>) = 0x200000000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7188] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [ 470.753773][ T7189] loop1: detected capacity change from 0 to 4096 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7188] <... futex resumed>) = 1 [pid 7187] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 7188] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7187] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 7187] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7187] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7188] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5869] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] getdents64(4, [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x31\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7188] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7188] <... futex resumed>) = 1 [pid 7188] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... openat resumed>) = 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./115/binderfs") = 0 [pid 5868] getdents64(3, [pid 5869] newfstatat(4, "", [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./115" [pid 5869] getdents64(4, [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./116", 0777 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... mkdir resumed>) = 0 [pid 5869] getdents64(4, [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7187] <... futex resumed>) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7187] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(4 [pid 7188] <... futex resumed>) = 0 [pid 7187] <... futex resumed>) = 1 [pid 5869] <... close resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5869] rmdir("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7188] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5869] <... rmdir resumed>) = 0 [pid 7187] ???( [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... ioctl resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] close(3 [pid 5869] newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./116/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./116") = 0 [pid 5869] mkdir("./117", 0777) = 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] <... openat resumed>) = 3 [pid 5868] <... close resumed>) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7190 attached [pid 5871] newfstatat(AT_FDCWD, "./116/binderfs", [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3 [pid 7190] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7190] <... set_robust_list resumed>) = 0 [pid 5871] unlink("./116/binderfs" [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 242 [pid 7190] chdir("./116" [pid 5871] <... unlink resumed>) = 0 [pid 7190] <... chdir resumed>) = 0 [pid 5871] getdents64(3, [pid 7190] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7190] <... prctl resumed>) = 0 [pid 5871] close(3 [pid 7190] setpgid(0, 0 [pid 5871] <... close resumed>) = 0 [pid 7190] <... setpgid resumed>) = 0 [pid 5871] rmdir("./116" [pid 7190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... rmdir resumed>) = 0 [pid 7190] <... openat resumed>) = 3 [pid 5871] mkdir("./117", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program ) = 3 [pid 7190] write(3, "1000", 4) = 4 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7190] close(3 [pid 5871] <... ioctl resumed>) = 0 [pid 7190] <... close resumed>) = 0 [pid 5871] close(3 [pid 7190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7190] write(1, "executing program\n", 18) = 18 [pid 7190] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7190] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7191 attached [pid 7190] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7191] set_robust_list(0x55557616a6a0, 24 [pid 7190] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7191] <... set_robust_list resumed>) = 0 [pid 7190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7192 attached [pid 7191] chdir("./117" [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 244 [pid 7192] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7191] <... chdir resumed>) = 0 [pid 7190] <... clone3 resumed> => {parent_tid=[243]}, 88) = 243 [pid 5869] <... close resumed>) = 0 [pid 7192] <... rseq resumed>) = 0 [pid 7190] rt_sigprocmask(SIG_SETMASK, [], [pid 7192] set_robust_list(0x7f701fd149a0, 24 [pid 7190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7192] <... set_robust_list resumed>) = 0 [pid 7190] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7192] rt_sigprocmask(SIG_SETMASK, [], [pid 7191] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7190] <... futex resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7190] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7192] memfd_create("syzkaller", 0 [pid 7191] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 7193 attached [pid 7193] set_robust_list(0x55557616a6a0, 24 [pid 7192] <... memfd_create resumed>) = 3 [pid 7191] setpgid(0, 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 242 [pid 7193] <... set_robust_list resumed>) = 0 [pid 7192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7191] <... setpgid resumed>) = 0 [pid 7193] chdir("./117" [pid 7192] <... mmap resumed>) = 0x7f7017800000 [pid 7191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7193] <... chdir resumed>) = 0 [pid 7191] <... openat resumed>) = 3 [pid 7191] write(3, "1000", 4) = 4 [pid 7191] close(3) = 0 [pid 7191] symlink("/dev/binderfs", "./binderfs" [pid 7193] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7191] <... symlink resumed>) = 0 [pid 7193] <... prctl resumed>) = 0 [pid 7193] setpgid(0, 0 [pid 7191] write(1, "executing program\n", 18executing program [pid 7193] <... setpgid resumed>) = 0 [pid 7191] <... write resumed>) = 18 [pid 7193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7191] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7193] <... openat resumed>) = 3 [pid 7191] <... mmap resumed>) = 0x7f701fcf4000 [pid 7193] write(3, "1000", 4 [pid 7191] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7193] <... write resumed>) = 4 [pid 7191] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7193] close(3 [pid 7191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7189] <... mount resumed>) = 0 ./strace-static-x86_64: Process 7194 attached [pid 7193] <... close resumed>) = 0 [pid 7189] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7193] symlink("/dev/binderfs", "./binderfs"executing program [pid 7194] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7193] <... symlink resumed>) = 0 [pid 7191] <... clone3 resumed> => {parent_tid=[245]}, 88) = 245 [pid 7189] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7194] <... rseq resumed>) = 0 [pid 7194] set_robust_list(0x7f701fd149a0, 24 [pid 7189] <... chdir resumed>) = 0 [pid 7193] write(1, "executing program\n", 18) = 18 [pid 7189] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7191] rt_sigprocmask(SIG_SETMASK, [], [pid 7189] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7194] <... set_robust_list resumed>) = 0 [pid 7189] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7191] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7194] rt_sigprocmask(SIG_SETMASK, [], [pid 7191] <... futex resumed>) = 0 [pid 7189] <... futex resumed>) = 1 [pid 7186] <... futex resumed>) = 0 [pid 7191] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7186] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7193] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7189] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7186] <... futex resumed>) = 0 [pid 7194] memfd_create("syzkaller", 0 [pid 7193] <... futex resumed>) = 0 [pid 7186] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7194] <... memfd_create resumed>) = 3 [pid 7193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7192] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7189] <... openat resumed>) = 4 [pid 7194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7193] <... mmap resumed>) = 0x7f701fcf4000 [pid 7189] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7189] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7186] <... futex resumed>) = 0 [pid 7193] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7194] <... mmap resumed>) = 0x7f7017800000 [pid 7193] <... mprotect resumed>) = 0 [pid 7189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7186] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7193] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7189] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7186] <... futex resumed>) = 0 [pid 7193] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7186] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7193] <... clone3 resumed> => {parent_tid=[243]}, 88) = 243 ./strace-static-x86_64: Process 7195 attached [pid 7193] rt_sigprocmask(SIG_SETMASK, [], [pid 7195] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7195] <... rseq resumed>) = 0 [pid 7193] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7189] <... openat resumed>) = 5 [pid 7195] set_robust_list(0x7f701fd149a0, 24 [pid 7193] <... futex resumed>) = 0 [pid 7189] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7193] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7189] <... futex resumed>) = 1 [pid 7186] <... futex resumed>) = 0 [pid 7186] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7195] <... set_robust_list resumed>) = 0 [pid 7186] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7195] rt_sigprocmask(SIG_SETMASK, [], [pid 7189] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7189] <... write resumed>) = 1116 [pid 7195] memfd_create("syzkaller", 0 [pid 7189] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7189] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7186] <... futex resumed>) = 0 [pid 7186] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7189] <... futex resumed>) = 0 [pid 7186] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7189] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7189] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7195] <... memfd_create resumed>) = 3 [pid 7189] <... futex resumed>) = 1 [pid 7186] <... futex resumed>) = 0 [pid 7189] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7186] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7186] <... futex resumed>) = 0 [pid 7189] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7186] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7189] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7189] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7195] <... mmap resumed>) = 0x7f7017800000 [pid 7189] <... futex resumed>) = 1 [pid 7186] <... futex resumed>) = 0 [pid 7186] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7189] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7194] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7192] <... write resumed>) = 2097152 [pid 7192] munmap(0x7f7017800000, 138412032) = 0 [pid 7192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7195] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7188] +++ killed by SIGSEGV (core dumped) +++ [pid 7187] <... ??? resumed>) = ? [pid 7192] close(3 [pid 7187] +++ killed by SIGSEGV (core dumped) +++ [pid 7192] <... close resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=243, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7192] close(4 [pid 5872] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7192] <... close resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7192] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7192] <... mkdir resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 7192] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7194] <... write resumed>) = 2097152 [ 471.280298][ T7192] loop0: detected capacity change from 0 to 4096 [pid 7194] munmap(0x7f7017800000, 138412032 [pid 7195] <... write resumed>) = 2097152 [pid 7194] <... munmap resumed>) = 0 [pid 7195] munmap(0x7f7017800000, 138412032 [pid 7194] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7195] <... munmap resumed>) = 0 [pid 7195] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7194] ioctl(4, LOOP_SET_FD, 3 [pid 7195] <... openat resumed>) = 4 [pid 7195] ioctl(4, LOOP_SET_FD, 3 [pid 7194] <... ioctl resumed>) = 0 [pid 7194] close(3) = 0 [pid 7194] close(4) = 0 [pid 7194] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7194] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7195] <... ioctl resumed>) = 0 [pid 7195] close(3) = 0 [pid 7195] close(4) = 0 [pid 7195] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 471.389776][ T7194] loop3: detected capacity change from 0 to 4096 [ 471.398472][ T7195] loop2: detected capacity change from 0 to 4096 [pid 7195] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./116/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./116") = 0 [pid 5872] mkdir("./117", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7186] <... futex resumed>) = ? [pid 7194] <... mount resumed>) = 0 [pid 7194] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7192] <... mount resumed>) = 0 [pid 7192] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7194] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7192] <... openat resumed>) = 3 [pid 7194] <... chdir resumed>) = 0 [pid 7194] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7192] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7189] +++ killed by SIGSEGV (core dumped) +++ [pid 7186] +++ killed by SIGSEGV (core dumped) +++ [pid 7192] <... chdir resumed>) = 0 [pid 7192] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=247, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 7192] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7192] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7190] <... futex resumed>) = 0 [pid 7190] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7192] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7190] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7194] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7191] <... futex resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7191] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7194] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7192] <... openat resumed>) = 4 [pid 7191] <... futex resumed>) = 0 [pid 7191] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7192] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... close resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7194] <... openat resumed>) = 4 [pid 7192] <... futex resumed>) = 1 [pid 7190] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7190] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7192] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7190] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7194] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7190] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] newfstatat(3, "", ./strace-static-x86_64: Process 7196 attached [pid 7195] <... mount resumed>) = 0 [pid 7194] <... futex resumed>) = 1 [pid 7192] <... openat resumed>) = 5 [pid 7191] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7196] set_robust_list(0x55557616a6a0, 24 [pid 7195] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7194] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7191] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7196] <... set_robust_list resumed>) = 0 [pid 7195] <... openat resumed>) = 3 [pid 7194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7192] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7191] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7196] chdir("./117" [pid 7195] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7194] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7191] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 245 [pid 5870] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7195] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7192] <... futex resumed>) = 1 [pid 7195] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7192] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7190] <... futex resumed>) = 0 [pid 7196] <... chdir resumed>) = 0 [pid 7195] <... futex resumed>) = 1 [pid 7193] <... futex resumed>) = 0 [pid 7192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7190] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7193] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] <... prctl resumed>) = 0 [pid 7193] <... futex resumed>) = 0 [pid 7196] setpgid(0, 0 [pid 7195] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7193] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7192] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7190] <... futex resumed>) = 0 [pid 7196] <... setpgid resumed>) = 0 [pid 7192] <... write resumed>) = 1116 [pid 7192] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7190] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7192] <... futex resumed>) = 0 [pid 7190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7196] <... openat resumed>) = 3 [pid 7192] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7190] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7192] <... futex resumed>) = 0 [pid 7190] <... futex resumed>) = 1 [pid 7192] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7190] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7192] <... mmap resumed>) = 0x200000000000 [pid 7196] write(3, "1000", 4 [pid 7195] <... openat resumed>) = 4 [pid 7194] <... openat resumed>) = 5 [pid 7192] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] <... write resumed>) = 4 [pid 7194] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] close(3 [pid 7191] <... futex resumed>) = 0 [pid 7196] <... close resumed>) = 0 [pid 7191] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] symlink("/dev/binderfs", "./binderfs" [pid 7194] <... futex resumed>) = 1 [pid 7191] <... futex resumed>) = 0 [pid 7192] <... futex resumed>) = 1 [pid 7190] <... futex resumed>) = 0 [pid 7196] <... symlink resumed>) = 0 [pid 7194] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7192] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULLexecuting program [pid 7191] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7190] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] write(1, "executing program\n", 18 [pid 7195] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7194] <... write resumed>) = 1116 [pid 7192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7195] <... futex resumed>) = 1 [pid 7193] <... futex resumed>) = 0 [pid 7192] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7190] <... futex resumed>) = 0 [pid 7196] <... write resumed>) = 18 [pid 7195] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7194] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7193] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7192] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7190] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7196] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7195] <... openat resumed>) = 5 [pid 7194] <... futex resumed>) = 1 [pid 7193] <... futex resumed>) = 0 [pid 7191] <... futex resumed>) = 0 [pid 7196] <... futex resumed>) = 0 [pid 7195] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7193] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7192] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7191] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7194] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7191] <... futex resumed>) = 0 [pid 7196] <... mmap resumed>) = 0x7f701fcf4000 [pid 7193] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7191] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7196] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7195] <... futex resumed>) = 0 [pid 7194] <... mmap resumed>) = 0x200000000000 [pid 7193] <... futex resumed>) = 0 [pid 7192] <... futex resumed>) = 1 [pid 7190] <... futex resumed>) = 0 [pid 7196] <... mprotect resumed>) = 0 [pid 7195] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7194] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7193] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7192] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7190] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7194] <... futex resumed>) = 1 [pid 7196] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7195] <... write resumed>) = 1116 [pid 7191] <... futex resumed>) = 0 [pid 7191] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7195] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7195] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7193] <... futex resumed>) = 0 [pid 7194] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7193] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7191] <... futex resumed>) = 0 [pid 7196] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7195] <... futex resumed>) = 0 [pid 7194] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7193] <... futex resumed>) = 1 [pid 7191] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7195] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7193] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7195] <... mmap resumed>) = 0x200000000000 [pid 7195] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7195] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 7197 attached [pid 7194] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7193] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] <... clone3 resumed> => {parent_tid=[246]}, 88) = 246 [pid 7197] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7196] rt_sigprocmask(SIG_SETMASK, [], [pid 7195] <... futex resumed>) = 0 [pid 7193] <... futex resumed>) = 1 [pid 7194] <... futex resumed>) = 1 [pid 7191] <... futex resumed>) = 0 [pid 7196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7195] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7193] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7191] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7194] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7195] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7196] <... futex resumed>) = 0 [pid 7195] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7197] <... rseq resumed>) = 0 [pid 7196] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7195] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7197] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7197] memfd_create("syzkaller", 0 [pid 7193] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7197] <... memfd_create resumed>) = 3 [pid 7195] <... futex resumed>) = 0 [pid 7193] <... futex resumed>) = 1 [pid 7197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7195] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7193] ???( [pid 7197] <... mmap resumed>) = 0x7f7017800000 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./116/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./116") = 0 [pid 7197] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] mkdir("./117", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7190] <... futex resumed>) = ? [pid 7192] +++ killed by SIGSEGV (core dumped) +++ [pid 7190] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=242, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 7197] <... write resumed>) = 2097152 [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7197] munmap(0x7f7017800000, 138412032 [pid 5868] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... close resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7198 attached [pid 7197] <... munmap resumed>) = 0 [pid 5868] getdents64(3, [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 249 [pid 7198] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7198] chdir("./117") = 0 [pid 7198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7198] setpgid(0, 0) = 0 [pid 7198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7198] <... openat resumed>) = 3 [pid 5868] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7198] write(3, "1000", 4) = 4 [pid 7198] close(3) = 0 [pid 7198] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7198] write(1, "executing program\n", 18) = 18 [pid 7198] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7198] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7197] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7198] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7197] <... openat resumed>) = 4 [pid 7198] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7199 attached => {parent_tid=[250]}, 88) = 250 [pid 7197] ioctl(4, LOOP_SET_FD, 3 [pid 7199] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7198] rt_sigprocmask(SIG_SETMASK, [], [pid 7199] <... rseq resumed>) = 0 [pid 7198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7199] set_robust_list(0x7f701fd149a0, 24 [pid 7198] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7199] <... set_robust_list resumed>) = 0 [pid 7198] <... futex resumed>) = 0 [pid 7199] rt_sigprocmask(SIG_SETMASK, [], [pid 7198] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7199] memfd_create("syzkaller", 0) = 3 [pid 7199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7197] <... ioctl resumed>) = 0 [pid 7197] close(3) = 0 [pid 7197] close(4) = 0 [pid 7197] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 471.982858][ T7197] loop4: detected capacity change from 0 to 4096 [pid 7197] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7191] <... futex resumed>) = ? [pid 5868] <... umount2 resumed>) = 0 [pid 7199] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7194] +++ killed by SIGSEGV (core dumped) +++ [pid 7191] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=244, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5868] getdents64(4, [pid 5871] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x31\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./116/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./116") = 0 [pid 5868] mkdir("./117", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7193] <... ??? resumed>) = ? [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 7195] +++ killed by SIGSEGV (core dumped) +++ [pid 7193] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=242, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... close resumed>) = 0 [pid 7199] <... write resumed>) = 2097152 [pid 5869] <... restart_syscall resumed>) = 0 [pid 7199] munmap(0x7f7017800000, 138412032 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7199] <... munmap resumed>) = 0 [pid 5869] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 244 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 7200 attached [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7200] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7200] chdir("./117") = 0 [pid 7200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7200] setpgid(0, 0) = 0 [pid 7200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7200] write(3, "1000", 4) = 4 [pid 7197] <... mount resumed>) = 0 [pid 7197] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7200] close(3 [pid 7199] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7200] <... close resumed>) = 0 [pid 7199] <... openat resumed>) = 4 [pid 7200] symlink("/dev/binderfs", "./binderfs" [pid 7199] ioctl(4, LOOP_SET_FD, 3 [pid 7200] <... symlink resumed>) = 0 [pid 7197] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7197] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7200] write(1, "executing program\n", 18 [pid 7197] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7197] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7196] <... futex resumed>) = 0 [pid 7197] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7196] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7200] <... write resumed>) = 18 [pid 7197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7196] <... futex resumed>) = 0 [pid 7197] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7200] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7200] <... futex resumed>) = 0 [pid 7200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7200] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7200] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7200] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[245]}, 88) = 245 [pid 7200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7200] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7200] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7201 attached [pid 7201] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7197] <... openat resumed>) = 4 [pid 7199] <... ioctl resumed>) = 0 [pid 7199] close(3) = 0 [pid 7199] close(4) = 0 [pid 7201] <... rseq resumed>) = 0 [pid 7199] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 472.204412][ T7199] loop1: detected capacity change from 0 to 4096 [pid 7199] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7201] set_robust_list(0x7f701fd149a0, 24 [pid 7197] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] <... umount2 resumed>) = 0 [pid 7201] <... set_robust_list resumed>) = 0 [pid 7196] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7196] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7201] rt_sigprocmask(SIG_SETMASK, [], [pid 7197] <... futex resumed>) = 1 [pid 7196] <... futex resumed>) = 0 [pid 7196] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 7197] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7201] memfd_create("syzkaller", 0 [pid 7197] <... openat resumed>) = 5 [pid 5871] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7201] <... memfd_create resumed>) = 3 [pid 7197] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7197] <... futex resumed>) = 1 [pid 7196] <... futex resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7197] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7196] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] <... mmap resumed>) = 0x7f7017800000 [pid 7197] <... write resumed>) = 1116 [pid 7196] <... futex resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7196] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7197] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7196] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7197] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7196] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 4 [pid 7196] <... futex resumed>) = 0 [pid 7197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7196] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] newfstatat(4, "", [pid 7197] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7197] <... mmap resumed>) = 0x200000000000 [pid 5871] getdents64(4, [pid 7197] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7197] <... futex resumed>) = 1 [pid 7196] <... futex resumed>) = 0 [pid 7197] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7196] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] getdents64(4, [pid 7197] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7196] <... futex resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7197] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7196] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7197] <... futex resumed>) = 0 [pid 7196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] close(4 [pid 7197] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7196] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7196] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 7197] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7196] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] rmdir("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./117/binderfs") = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] close(3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... close resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./117/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5871] rmdir("./117" [pid 5869] rmdir("./117") = 0 [pid 5869] mkdir("./118", 0777) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] mkdir("./118", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7201] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7199] <... mount resumed>) = 0 [pid 5871] close(3 [pid 7199] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7199] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7199] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] <... close resumed>) = 0 [pid 7199] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7199] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7199] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7198] <... futex resumed>) = 0 [pid 7198] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7199] <... futex resumed>) = 0 [pid 7198] <... futex resumed>) = 1 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7199] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7198] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7202 attached [pid 5871] <... close resumed>) = 0 [pid 7202] set_robust_list(0x55557616a6a0, 24 [pid 7199] <... openat resumed>) = 4 [pid 7202] <... set_robust_list resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 244 [pid 7202] chdir("./118" [pid 7199] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7202] <... chdir resumed>) = 0 [pid 7199] <... futex resumed>) = 1 [pid 7198] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7203 attached [pid 7202] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7198] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7202] <... prctl resumed>) = 0 [pid 7201] <... write resumed>) = 2097152 [pid 7199] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000executing program [pid 7203] set_robust_list(0x55557616a6a0, 24 [pid 7202] setpgid(0, 0 [pid 7198] <... futex resumed>) = 0 [pid 7203] <... set_robust_list resumed>) = 0 [pid 7202] <... setpgid resumed>) = 0 [pid 7198] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 246 [pid 7203] chdir("./118" [pid 7202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7203] <... chdir resumed>) = 0 [pid 7203] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7202] <... openat resumed>) = 3 [pid 7203] <... prctl resumed>) = 0 [pid 7202] write(3, "1000", 4 [pid 7203] setpgid(0, 0 [pid 7202] <... write resumed>) = 4 [pid 7203] <... setpgid resumed>) = 0 [pid 7202] close(3 [pid 7203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7202] <... close resumed>) = 0 [pid 7203] <... openat resumed>) = 3 [pid 7202] symlink("/dev/binderfs", "./binderfs" [pid 7203] write(3, "1000", 4 [pid 7202] <... symlink resumed>) = 0 [pid 7203] <... write resumed>) = 4 [pid 7202] write(1, "executing program\n", 18 [pid 7203] close(3 [pid 7202] <... write resumed>) = 18 [pid 7199] <... openat resumed>) = 5 [pid 7202] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7199] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7198] <... futex resumed>) = 0 [pid 7199] <... futex resumed>) = 1 [pid 7199] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7198] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7198] <... futex resumed>) = 0 [pid 7198] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7203] <... close resumed>) = 0 [pid 7199] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7203] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7203] write(1, "executing program\n", 18) = 18 [pid 7202] <... futex resumed>) = 0 [pid 7202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7203] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7199] <... write resumed>) = 1116 [pid 7203] <... futex resumed>) = 0 [pid 7203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7199] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7203] <... mmap resumed>) = 0x7f701fcf4000 [pid 7202] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7203] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7202] <... mprotect resumed>) = 0 [pid 7203] <... mprotect resumed>) = 0 [pid 7202] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7203] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7202] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7204 attached [pid 7203] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7203] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7202] <... clone3 resumed> => {parent_tid=[245]}, 88) = 245 ./strace-static-x86_64: Process 7205 attached [pid 7202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7202] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7204] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7203] <... clone3 resumed> => {parent_tid=[247]}, 88) = 247 [pid 7202] <... futex resumed>) = 0 [pid 7199] <... futex resumed>) = 1 [pid 7198] <... futex resumed>) = 0 [pid 7202] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7205] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7204] <... rseq resumed>) = 0 [pid 7203] rt_sigprocmask(SIG_SETMASK, [], [pid 7198] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7201] munmap(0x7f7017800000, 138412032 [pid 7199] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7198] <... futex resumed>) = 0 [pid 7204] set_robust_list(0x7f701fd149a0, 24 [pid 7203] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7204] <... set_robust_list resumed>) = 0 [pid 7203] <... futex resumed>) = 0 [pid 7198] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7205] <... rseq resumed>) = 0 [pid 7204] rt_sigprocmask(SIG_SETMASK, [], [pid 7203] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7199] <... mmap resumed>) = 0x200000000000 [pid 7205] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7204] memfd_create("syzkaller", 0 [pid 7205] rt_sigprocmask(SIG_SETMASK, [], [pid 7204] <... memfd_create resumed>) = 3 [pid 7205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7205] memfd_create("syzkaller", 0 [pid 7204] <... mmap resumed>) = 0x7f7017800000 [pid 7199] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7205] <... memfd_create resumed>) = 3 [pid 7205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7199] <... futex resumed>) = 1 [pid 7198] <... futex resumed>) = 0 [pid 7198] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] <... munmap resumed>) = 0 [pid 7199] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7198] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7199] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7199] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7198] <... futex resumed>) = 0 [pid 7198] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7201] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7199] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7198] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7201] <... openat resumed>) = 4 [pid 7201] ioctl(4, LOOP_SET_FD, 3 [pid 7205] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7204] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7201] <... ioctl resumed>) = 0 [ 472.627589][ T7201] loop0: detected capacity change from 0 to 4096 [pid 7201] close(3) = 0 [pid 7201] close(4) = 0 [pid 7201] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7201] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7205] <... write resumed>) = 2097152 [pid 7204] <... write resumed>) = 2097152 [pid 7205] munmap(0x7f7017800000, 138412032 [pid 7204] munmap(0x7f7017800000, 138412032 [pid 7205] <... munmap resumed>) = 0 [pid 7204] <... munmap resumed>) = 0 [pid 7196] <... futex resumed>) = ? [pid 7205] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7204] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7201] <... mount resumed>) = 0 [pid 7205] <... openat resumed>) = 4 [pid 7204] <... openat resumed>) = 4 [pid 7205] ioctl(4, LOOP_SET_FD, 3 [pid 7204] ioctl(4, LOOP_SET_FD, 3 [pid 7201] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7197] +++ killed by SIGSEGV (core dumped) +++ [pid 7196] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=245, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [pid 7201] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7201] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5872] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7201] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] newfstatat(3, "", [pid 7204] <... ioctl resumed>) = 0 [pid 7201] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7200] <... futex resumed>) = 0 [pid 7201] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7200] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7205] <... ioctl resumed>) = 0 [pid 7204] close(3 [pid 7200] <... futex resumed>) = 0 [pid 5872] getdents64(3, [pid 7200] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7205] close(3 [pid 7204] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7205] <... close resumed>) = 0 [pid 7204] close(4 [pid 5872] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7205] close(4 [pid 7204] <... close resumed>) = 0 [pid 7205] <... close resumed>) = 0 [ 472.810321][ T7205] loop3: detected capacity change from 0 to 4096 [ 472.820308][ T7204] loop2: detected capacity change from 0 to 4096 [pid 7204] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7205] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7204] <... mkdir resumed>) = 0 [pid 7204] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7201] <... openat resumed>) = 4 [pid 7205] <... mkdir resumed>) = 0 [pid 7205] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7201] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7200] <... futex resumed>) = 0 [pid 7201] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7200] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7200] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7201] <... openat resumed>) = 5 [pid 7201] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7200] <... futex resumed>) = 0 [pid 7200] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7200] <... futex resumed>) = 0 [pid 7200] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7198] <... futex resumed>) = ? [pid 7201] <... write resumed>) = 1116 [pid 7201] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7200] <... futex resumed>) = 0 [pid 7200] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7200] <... futex resumed>) = 0 [pid 7200] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7201] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7201] <... futex resumed>) = 0 [pid 7201] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7200] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7200] <... futex resumed>) = 0 [pid 7201] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7200] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7201] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7201] <... futex resumed>) = 0 [pid 7200] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7201] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7200] <... futex resumed>) = 0 [pid 7200] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7199] +++ killed by SIGSEGV (core dumped) +++ [pid 7198] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=249, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5870] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7205] <... mount resumed>) = 0 [pid 7205] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7205] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7205] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7205] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7203] <... futex resumed>) = 0 [pid 7203] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7203] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7205] <... futex resumed>) = 1 [pid 7205] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7205] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7203] <... futex resumed>) = 0 [pid 7203] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7203] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7205] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7204] <... mount resumed>) = 0 [pid 7205] <... openat resumed>) = 5 [pid 7204] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] <... umount2 resumed>) = 0 [pid 7205] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7204] <... openat resumed>) = 3 [pid 5872] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7204] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7204] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7204] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7204] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7204] <... futex resumed>) = 1 [pid 7202] <... futex resumed>) = 0 [pid 7204] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7202] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7202] <... futex resumed>) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7204] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7202] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7205] <... futex resumed>) = 1 [pid 5872] <... openat resumed>) = 4 [pid 7205] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7203] <... futex resumed>) = 0 [pid 7205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7203] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7205] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7203] <... futex resumed>) = 0 [pid 7205] <... write resumed>) = 1116 [pid 7203] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] newfstatat(4, "", [pid 7205] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7203] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7205] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7203] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7205] <... mmap resumed>) = 0x200000000000 [pid 7203] <... futex resumed>) = 0 [pid 5872] getdents64(4, [pid 7205] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7203] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7205] <... futex resumed>) = 0 [pid 7203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] getdents64(4, [pid 7205] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7203] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7205] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7204] <... openat resumed>) = 4 [pid 7203] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7205] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7203] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7205] <... futex resumed>) = 0 [pid 7203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7205] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7203] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] close(4) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7204] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7204] <... futex resumed>) = 1 [pid 7202] <... futex resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7202] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7204] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5872] unlink("./117/binderfs") = 0 [pid 5872] getdents64(3, [pid 7202] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 7202] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7204] <... openat resumed>) = 5 [pid 5872] <... close resumed>) = 0 [pid 7204] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] rmdir("./117") = 0 [pid 7204] <... futex resumed>) = 1 [pid 7202] <... futex resumed>) = 0 [pid 5872] mkdir("./118", 0777 [pid 5870] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7204] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7202] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... mkdir resumed>) = 0 [pid 7202] <... futex resumed>) = 0 [pid 7204] <... write resumed>) = 1116 [pid 7202] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... openat resumed>) = 3 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 7204] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./117/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./117") = 0 [pid 5870] mkdir("./118", 0777 [pid 7204] <... futex resumed>) = 1 [pid 7202] <... futex resumed>) = 0 [pid 7204] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... ioctl resumed>) = 0 [pid 7202] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7202] <... futex resumed>) = 0 [pid 5872] close(3 [pid 7202] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7204] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7204] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7202] <... futex resumed>) = 0 [pid 7204] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7202] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7204] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7202] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7204] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7202] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7204] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] <... close resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7206 attached , child_tidptr=0x55557616a690) = 251 [pid 7206] set_robust_list(0x55557616a6a0, 24) = 0 executing program [pid 7206] chdir("./118") = 0 [pid 7206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7206] setpgid(0, 0) = 0 [pid 7206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7206] write(3, "1000", 4) = 4 [pid 7206] close(3) = 0 [pid 7206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7206] write(1, "executing program\n", 18) = 18 [pid 7206] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7206] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7206] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 7207 attached [], 8) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 247 [pid 7206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7208 attached [pid 7207] set_robust_list(0x55557616a6a0, 24 [pid 7206] <... clone3 resumed> => {parent_tid=[252]}, 88) = 252 [pid 7200] <... futex resumed>) = ? [pid 7207] <... set_robust_list resumed>) = 0 [pid 7208] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7206] rt_sigprocmask(SIG_SETMASK, [], [pid 7208] <... rseq resumed>) = 0 [pid 7206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7208] set_robust_list(0x7f701fd149a0, 24 [pid 7206] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7208] <... set_robust_list resumed>) = 0 [pid 7206] <... futex resumed>) = 0 [pid 7208] rt_sigprocmask(SIG_SETMASK, [], [pid 7206] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7207] chdir("./118") = 0 [pid 7201] +++ killed by SIGSEGV (core dumped) +++ [pid 7200] +++ killed by SIGSEGV (core dumped) +++ [pid 7208] memfd_create("syzkaller", 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=244, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7207] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7208] <... memfd_create resumed>) = 3 [pid 5868] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7207] <... prctl resumed>) = 0 [pid 7208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... openat resumed>) = 3 [pid 7208] <... mmap resumed>) = 0x7f7017800000 [pid 5868] newfstatat(3, "", [pid 7207] setpgid(0, 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7207] <... setpgid resumed>) = 0 [pid 7207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7207] write(3, "1000", 4 [pid 5868] getdents64(3, [pid 7207] <... write resumed>) = 4 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7207] close(3) = 0 [pid 7207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7207] write(1, "executing program\n", 18executing program ) = 18 [pid 7207] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7207] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[248]}, 88) = 248 ./strace-static-x86_64: Process 7209 attached [pid 7207] rt_sigprocmask(SIG_SETMASK, [], [pid 7209] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7209] <... rseq resumed>) = 0 [pid 7207] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7209] set_robust_list(0x7f701fd149a0, 24 [pid 7207] <... futex resumed>) = 0 [pid 7209] <... set_robust_list resumed>) = 0 [pid 7207] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7209] memfd_create("syzkaller", 0 [pid 7208] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7209] <... memfd_create resumed>) = 3 [pid 7209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7203] <... futex resumed>) = ? [pid 7208] <... write resumed>) = 2097152 [pid 7205] +++ killed by SIGSEGV (core dumped) +++ [pid 7203] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=246, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7208] munmap(0x7f7017800000, 138412032) = 0 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5871] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7208] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7208] ioctl(4, LOOP_SET_FD, 3 [pid 7209] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7202] <... futex resumed>) = ? [pid 7204] +++ killed by SIGSEGV (core dumped) +++ [pid 7202] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=244, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7208] <... ioctl resumed>) = 0 [pid 7208] close(3) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7208] close(4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7208] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7208] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] <... openat resumed>) = 3 [pid 7208] <... mkdir resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 7208] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x31\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 473.553774][ T7208] loop1: detected capacity change from 0 to 4096 [pid 5868] unlink("./117/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./117") = 0 [pid 5868] mkdir("./118", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 7209] <... write resumed>) = 2097152 [pid 5868] close(3 [pid 7209] munmap(0x7f7017800000, 138412032) = 0 [pid 7209] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5871] getdents64(4, [pid 7209] close(3) = 0 [pid 7209] close(4) = 0 [pid 7209] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7209] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./118/binderfs"./strace-static-x86_64: Process 7210 attached ) = 0 [pid 5871] getdents64(3, [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 246 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7210] set_robust_list(0x55557616a6a0, 24 [pid 5871] close(3 [pid 7210] <... set_robust_list resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./118" [pid 7210] chdir("./118" [pid 5871] <... rmdir resumed>) = 0 [pid 7210] <... chdir resumed>) = 0 [pid 7208] <... mount resumed>) = 0 [pid 5871] mkdir("./119", 0777 [pid 5869] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7210] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... mkdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 473.689474][ T7209] loop4: detected capacity change from 0 to 4096 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5871] ioctl(3, LOOP_CLR_FD [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... ioctl resumed>) = 0 [pid 5871] close(3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 7208] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7208] <... openat resumed>) = 3 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7208] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] newfstatat(AT_FDCWD, "./118/binderfs", [pid 7208] <... chdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7208] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] unlink("./118/binderfs" [pid 7208] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] <... unlink resumed>) = 0 [pid 7208] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(3, [pid 7208] <... futex resumed>) = 1 [pid 7206] <... futex resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7206] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(3 [pid 7206] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7206] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] rmdir("./118" [pid 7210] <... prctl resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7210] setpgid(0, 0 [pid 7208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] mkdir("./119", 0777 [pid 7210] <... setpgid resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] <... openat resumed>) = 3 [pid 7210] write(3, "1000", 4 [pid 7208] <... openat resumed>) = 4 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7210] <... write resumed>) = 4 [pid 5869] <... ioctl resumed>) = 0 [pid 7210] close(3 [pid 5869] close(3 [pid 7208] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] <... close resumed>) = 0 [pid 7208] <... futex resumed>) = 1 [pid 7206] <... futex resumed>) = 0 [pid 7208] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7206] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] symlink("/dev/binderfs", "./binderfs" [pid 7206] <... futex resumed>) = 0 [pid 7206] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7210] <... symlink resumed>) = 0 executing program [pid 7210] write(1, "executing program\n", 18 [pid 7208] <... openat resumed>) = 5 [pid 7208] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7208] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7206] <... futex resumed>) = 0 [pid 7206] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7206] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7208] <... futex resumed>) = 0 [pid 7208] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7210] <... write resumed>) = 18 [pid 7208] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7208] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7206] <... futex resumed>) = 0 [pid 7206] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7208] <... futex resumed>) = 0 [pid 7208] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7210] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7208] <... mmap resumed>) = 0x200000000000 [pid 7210] <... futex resumed>) = 0 [pid 7210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7206] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7208] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7206] <... futex resumed>) = 0 [pid 7206] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7210] <... mmap resumed>) = 0x7f701fcf4000 [pid 7206] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7208] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7208] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7206] <... futex resumed>) = 0 [pid 7206] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7206] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7208] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7210] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... close resumed>) = 0 [pid 7210] <... mprotect resumed>) = 0 [pid 7210] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7211 attached [pid 7210] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 248 [pid 7210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7212 attached [pid 7211] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7210] <... clone3 resumed> => {parent_tid=[247]}, 88) = 247 [pid 7212] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7211] chdir("./119" [pid 7210] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... close resumed>) = 0 [pid 7212] <... rseq resumed>) = 0 [pid 7211] <... chdir resumed>) = 0 [pid 7210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7212] set_robust_list(0x7f701fd149a0, 24 [pid 7211] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7210] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] <... set_robust_list resumed>) = 0 [pid 7211] <... prctl resumed>) = 0 [pid 7212] rt_sigprocmask(SIG_SETMASK, [], [pid 7211] setpgid(0, 0 [pid 7212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7211] <... setpgid resumed>) = 0 [pid 7210] <... futex resumed>) = 0 [pid 7212] memfd_create("syzkaller", 0 [pid 7211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7210] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7212] <... memfd_create resumed>) = 3 [pid 7211] <... openat resumed>) = 3 [pid 7212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7211] write(3, "1000", 4) = 4 [pid 7212] <... mmap resumed>) = 0x7f7017800000 [pid 7211] close(3 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 246 ./strace-static-x86_64: Process 7213 attached [pid 7213] set_robust_list(0x55557616a6a0, 24 [pid 7211] <... close resumed>) = 0 [pid 7213] <... set_robust_list resumed>) = 0 [pid 7213] chdir("./119" [pid 7211] symlink("/dev/binderfs", "./binderfs" [pid 7213] <... chdir resumed>) = 0 [pid 7213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7213] setpgid(0, 0 [pid 7211] <... symlink resumed>) = 0 [pid 7213] <... setpgid resumed>) = 0 [pid 7213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 7213] write(3, "1000", 4 [pid 7211] write(1, "executing program\n", 18 [pid 7209] <... mount resumed>) = 0 [pid 7209] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7211] <... write resumed>) = 18 [pid 7211] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7213] <... write resumed>) = 4 [pid 7211] <... futex resumed>) = 0 [pid 7209] <... openat resumed>) = 3 [pid 7209] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7209] <... chdir resumed>) = 0 [pid 7213] close(3 [pid 7211] <... mmap resumed>) = 0x7f701fcf4000 [pid 7209] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7211] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7209] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7209] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7211] <... mprotect resumed>) = 0 [pid 7209] <... futex resumed>) = 1 [pid 7207] <... futex resumed>) = 0 [pid 7213] <... close resumed>) = 0 [pid 7211] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7209] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7207] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7213] symlink("/dev/binderfs", "./binderfs" [pid 7207] <... futex resumed>) = 0 [pid 7213] <... symlink resumed>) = 0 [pid 7207] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7213] write(1, "executing program\n", 18executing program ) = 18 [pid 7213] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7212] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7211] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7213] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[247]}, 88) = 247 [pid 7213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7215 attached ./strace-static-x86_64: Process 7214 attached [pid 7213] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7213] <... futex resumed>) = 0 [pid 7213] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7214] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7215] <... rseq resumed>) = 0 [pid 7214] <... rseq resumed>) = 0 [pid 7211] <... clone3 resumed> => {parent_tid=[249]}, 88) = 249 [pid 7209] <... openat resumed>) = 4 [pid 7214] set_robust_list(0x7f701fd149a0, 24 [pid 7211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7215] set_robust_list(0x7f701fd149a0, 24 [pid 7214] <... set_robust_list resumed>) = 0 [pid 7209] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7211] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7209] <... futex resumed>) = 1 [pid 7207] <... futex resumed>) = 0 [pid 7214] rt_sigprocmask(SIG_SETMASK, [], [pid 7211] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7209] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7207] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7207] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7215] <... set_robust_list resumed>) = 0 [pid 7215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7214] memfd_create("syzkaller", 0 [pid 7215] memfd_create("syzkaller", 0 [pid 7214] <... memfd_create resumed>) = 3 [pid 7209] <... openat resumed>) = 5 [pid 7214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7209] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] <... memfd_create resumed>) = 3 [pid 7214] <... mmap resumed>) = 0x7f7017800000 [pid 7209] <... futex resumed>) = 1 [pid 7209] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7207] <... futex resumed>) = 0 [pid 7207] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7209] <... futex resumed>) = 0 [pid 7207] <... futex resumed>) = 1 [pid 7209] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7207] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7209] <... write resumed>) = 1116 [pid 7209] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7209] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7207] <... futex resumed>) = 0 [pid 7207] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7207] <... futex resumed>) = 0 [pid 7207] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7209] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7209] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7207] <... futex resumed>) = 0 [pid 7207] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7209] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7207] <... futex resumed>) = 0 [pid 7209] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7207] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7209] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] <... write resumed>) = 2097152 [pid 7209] <... futex resumed>) = 1 [pid 7207] <... futex resumed>) = 0 [pid 7212] munmap(0x7f7017800000, 138412032 [pid 7209] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7207] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7207] <... futex resumed>) = 0 [pid 7209] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7207] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7212] <... munmap resumed>) = 0 [pid 7214] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7212] ioctl(4, LOOP_SET_FD, 3 [pid 7215] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7206] <... futex resumed>) = ? [pid 7212] <... ioctl resumed>) = 0 [pid 7212] close(3 [pid 7208] +++ killed by SIGSEGV (core dumped) +++ [pid 7206] +++ killed by SIGSEGV (core dumped) +++ [pid 7212] <... close resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=251, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 7212] close(4) = 0 [pid 5870] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7212] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7212] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7214] <... write resumed>) = 2097152 [pid 7215] <... write resumed>) = 2097152 [pid 7214] munmap(0x7f7017800000, 138412032 [ 474.118030][ T7212] loop0: detected capacity change from 0 to 4096 [pid 7215] munmap(0x7f7017800000, 138412032 [pid 7214] <... munmap resumed>) = 0 [pid 7215] <... munmap resumed>) = 0 [pid 7215] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7214] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7215] <... openat resumed>) = 4 [pid 7214] ioctl(4, LOOP_SET_FD, 3 [pid 7215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7214] <... ioctl resumed>) = 0 [pid 7215] close(3 [pid 7214] close(3 [pid 7215] <... close resumed>) = 0 [pid 7214] <... close resumed>) = 0 [pid 7215] close(4 [pid 7214] close(4 [pid 7215] <... close resumed>) = 0 [pid 7214] <... close resumed>) = 0 [pid 7215] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7214] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7215] <... mkdir resumed>) = 0 [pid 7214] <... mkdir resumed>) = 0 [pid 7215] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 474.205114][ T7214] loop2: detected capacity change from 0 to 4096 [ 474.214005][ T7215] loop3: detected capacity change from 0 to 4096 [pid 7214] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7212] <... mount resumed>) = 0 [pid 7212] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7212] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7212] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7210] <... futex resumed>) = 0 [pid 7212] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7210] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = 0 [pid 7212] <... futex resumed>) = 0 [pid 7210] <... futex resumed>) = 1 [pid 7212] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7210] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7212] <... openat resumed>) = 4 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7212] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 4 [pid 7212] <... futex resumed>) = 1 [pid 7212] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7210] <... futex resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 7210] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] <... futex resumed>) = 0 [pid 7210] <... futex resumed>) = 1 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7210] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7212] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7212] <... openat resumed>) = 5 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7212] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7212] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./118/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./118" [pid 7210] <... futex resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 7210] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] mkdir("./119", 0777 [pid 7212] <... futex resumed>) = 0 [pid 7210] <... futex resumed>) = 1 [pid 5870] <... mkdir resumed>) = 0 [pid 7212] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7210] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7212] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... openat resumed>) = 3 [pid 7210] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] <... futex resumed>) = 0 [pid 7210] <... futex resumed>) = 0 [pid 7212] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7210] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7212] <... mmap resumed>) = 0x200000000000 [pid 5870] <... ioctl resumed>) = 0 [pid 7212] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7210] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7210] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7212] <... futex resumed>) = 0 [pid 5870] close(3 [pid 7212] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7212] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7210] <... futex resumed>) = 0 [pid 7210] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7212] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7210] <... futex resumed>) = 0 [pid 7214] <... mount resumed>) = 0 [pid 7214] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7214] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7215] <... mount resumed>) = 0 [pid 7214] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7215] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7214] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7207] <... futex resumed>) = ? [pid 7214] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] <... openat resumed>) = 3 [pid 7215] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7214] <... futex resumed>) = 1 [pid 7213] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7214] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7215] <... chdir resumed>) = 0 [pid 7215] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7213] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7209] +++ killed by SIGSEGV (core dumped) +++ [pid 7207] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7216 attached [pid 7215] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7214] <... futex resumed>) = 0 [pid 7213] <... futex resumed>) = 1 [pid 7216] set_robust_list(0x55557616a6a0, 24 [pid 7215] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7214] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7213] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=247, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 253 [pid 5872] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7215] <... futex resumed>) = 1 [pid 7216] <... set_robust_list resumed>) = 0 [pid 7215] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7211] <... futex resumed>) = 0 [pid 7216] chdir("./119" [pid 7215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7211] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7211] <... futex resumed>) = 0 [pid 7216] <... chdir resumed>) = 0 [pid 7211] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7216] setpgid(0, 0) = 0 [pid 7216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7214] <... openat resumed>) = 4 [pid 7213] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7216] <... openat resumed>) = 3 [pid 7213] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] write(3, "1000", 4 [pid 7214] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7213] <... futex resumed>) = 0 [pid 7213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7216] <... write resumed>) = 4 [pid 7215] <... openat resumed>) = 4 [pid 7214] <... futex resumed>) = 0 [pid 7213] <... mmap resumed>) = 0x7f701fcd3000 [pid 7214] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] close(3 [pid 7215] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] <... close resumed>) = 0 [pid 7215] <... futex resumed>) = 1 [pid 7213] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE [pid 7211] <... futex resumed>) = 0 [pid 7216] symlink("/dev/binderfs", "./binderfs" [pid 7215] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7213] <... mprotect resumed>) = 0 [pid 7211] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} [pid 7211] <... futex resumed>) = 0 [pid 7213] <... clone3 resumed> => {parent_tid=[248]}, 88) = 248 [pid 7215] <... openat resumed>) = 5 [pid 7211] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7216] <... symlink resumed>) = 0 [pid 7215] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7213] rt_sigprocmask(SIG_SETMASK, [], executing program ./strace-static-x86_64: Process 7217 attached [pid 7216] write(1, "executing program\n", 18 [pid 7215] <... futex resumed>) = 1 [pid 7213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7211] <... futex resumed>) = 0 [pid 7216] <... write resumed>) = 18 [pid 7211] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7213] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7211] <... futex resumed>) = 0 [pid 7217] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7216] <... futex resumed>) = 0 [pid 7213] <... futex resumed>) = 0 [pid 7211] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7217] <... rseq resumed>) = 0 [pid 7213] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7217] set_robust_list(0x7f701fcf39a0, 24 [pid 7216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7217] <... set_robust_list resumed>) = 0 [pid 7217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7215] <... write resumed>) = 1116 [pid 7216] <... mmap resumed>) = 0x7f701fcf4000 [pid 7215] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7217] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7215] <... futex resumed>) = 1 [pid 7211] <... futex resumed>) = 0 [pid 7216] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7215] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7211] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7211] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7215] <... mmap resumed>) = 0x200000000000 [pid 7217] <... openat resumed>) = 5 [pid 7216] <... mprotect resumed>) = 0 [pid 7215] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7215] <... futex resumed>) = 0 [pid 7211] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7211] <... futex resumed>) = 0 [pid 7217] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7216] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7215] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7211] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7217] <... futex resumed>) = 1 [pid 7217] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7213] <... futex resumed>) = 0 [pid 7213] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7213] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7214] <... futex resumed>) = 0 [pid 7216] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7215] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7214] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7215] <... futex resumed>) = 1 [pid 7214] <... write resumed>) = 1116 [pid 7211] <... futex resumed>) = 0 [pid 7216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7214] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7211] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7215] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- ./strace-static-x86_64: Process 7218 attached [pid 7214] <... futex resumed>) = 1 [pid 7213] <... futex resumed>) = 0 [pid 7218] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7214] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7218] <... rseq resumed>) = 0 [pid 7218] set_robust_list(0x7f701fd149a0, 24 [pid 7213] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7218] <... set_robust_list resumed>) = 0 [pid 7218] rt_sigprocmask(SIG_SETMASK, [], [pid 7216] <... clone3 resumed> => {parent_tid=[254]}, 88) = 254 [pid 7214] <... futex resumed>) = 0 [pid 7213] <... futex resumed>) = 1 [pid 7218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7216] rt_sigprocmask(SIG_SETMASK, [], [pid 7214] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7213] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7218] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7216] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7218] <... futex resumed>) = 0 [pid 7216] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7214] <... mmap resumed>) = 0x200000000000 [pid 7214] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7213] <... futex resumed>) = 0 [pid 7214] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7213] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7218] memfd_create("syzkaller", 0 [pid 7214] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7213] <... futex resumed>) = 0 [pid 7214] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7213] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7214] <... futex resumed>) = 0 [pid 7213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7214] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7213] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7218] <... memfd_create resumed>) = 3 [pid 7218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./118/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./118") = 0 [pid 5872] mkdir("./119", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7218] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] <... close resumed>) = 0 [pid 7218] <... write resumed>) = 2097152 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7218] munmap(0x7f7017800000, 138412032 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 249 ./strace-static-x86_64: Process 7219 attached [pid 7219] set_robust_list(0x55557616a6a0, 24 [pid 7218] <... munmap resumed>) = 0 [pid 7219] <... set_robust_list resumed>) = 0 [pid 7219] chdir("./119") = 0 [pid 7218] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7218] <... openat resumed>) = 4 [pid 7219] setpgid(0, 0 [pid 7218] ioctl(4, LOOP_SET_FD, 3 [pid 7212] +++ killed by SIGSEGV (core dumped) +++ [pid 7210] +++ killed by SIGSEGV (core dumped) +++ [pid 7219] <... setpgid resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=246, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7219] write(3, "1000", 4 [pid 7218] <... ioctl resumed>) = 0 [pid 7219] <... write resumed>) = 4 [pid 7218] close(3 [pid 7219] close(3 [pid 7218] <... close resumed>) = 0 [pid 7218] close(4 [pid 7219] <... close resumed>) = 0 [pid 7219] symlink("/dev/binderfs", "./binderfs" [pid 7218] <... close resumed>) = 0 [pid 7219] <... symlink resumed>) = 0 [pid 7218] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7219] write(1, "executing program\n", 18 [pid 7218] <... mkdir resumed>) = 0 executing program [pid 7219] <... write resumed>) = 18 [ 474.809192][ T7218] loop1: detected capacity change from 0 to 4096 [pid 7218] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7219] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7219] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7220 attached [pid 7220] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7219] <... clone3 resumed> => {parent_tid=[250]}, 88) = 250 [pid 7220] <... rseq resumed>) = 0 [pid 7219] rt_sigprocmask(SIG_SETMASK, [], [pid 7220] set_robust_list(0x7f701fd149a0, 24 [pid 7219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7220] <... set_robust_list resumed>) = 0 [pid 7220] rt_sigprocmask(SIG_SETMASK, [], [pid 7219] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7220] memfd_create("syzkaller", 0 [pid 7219] <... futex resumed>) = 0 [pid 7220] <... memfd_create resumed>) = 3 [pid 7220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7219] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7211] <... futex resumed>) = ? [pid 7215] +++ killed by SIGSEGV (core dumped) +++ [pid 7211] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=248, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5871] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", [pid 5868] <... umount2 resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7220] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] umount2("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x31\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./118/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./118") = 0 [pid 5868] mkdir("./119", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7218] <... mount resumed>) = 0 [pid 7217] <... futex resumed>) = ? [pid 7213] <... futex resumed>) = ? [pid 7217] +++ killed by SIGSEGV (core dumped) +++ [pid 7218] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7214] +++ killed by SIGSEGV (core dumped) +++ [pid 7213] +++ killed by SIGSEGV (core dumped) +++ [pid 7218] <... openat resumed>) = 3 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=246, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7218] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7218] <... chdir resumed>) = 0 [pid 7218] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7220] <... write resumed>) = 2097152 [pid 7218] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7218] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] munmap(0x7f7017800000, 138412032 [pid 7218] <... futex resumed>) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7218] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7216] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7216] <... futex resumed>) = 0 [pid 7218] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7216] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7218] <... openat resumed>) = 4 [pid 7218] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7218] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7216] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7218] <... openat resumed>) = 5 [pid 7216] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7216] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7218] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7218] <... futex resumed>) = 1 [pid 7216] <... futex resumed>) = 0 [pid 7216] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7216] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7218] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5871] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 7221 attached [pid 7218] <... write resumed>) = 1116 [pid 5871] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7221] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 248 [pid 7221] <... set_robust_list resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7218] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7216] <... futex resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7221] chdir("./119") = 0 [pid 7216] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7216] <... futex resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7221] setpgid(0, 0) = 0 [pid 7218] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7216] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7220] <... munmap resumed>) = 0 [pid 7218] <... mmap resumed>) = 0x200000000000 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7221] <... openat resumed>) = 3 [pid 7218] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 4 [pid 7218] <... futex resumed>) = 1 [pid 7216] <... futex resumed>) = 0 [pid 5871] newfstatat(4, "", [pid 7221] write(3, "1000", 4 [pid 7218] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7216] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7221] <... write resumed>) = 4 [pid 7221] close(3 [pid 7216] <... futex resumed>) = 0 [pid 5871] getdents64(4, [pid 7221] <... close resumed>) = 0 [pid 7216] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7221] symlink("/dev/binderfs", "./binderfs" [pid 7218] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5871] getdents64(4, [pid 7221] <... symlink resumed>) = 0 [pid 7220] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 executing program [pid 7221] write(1, "executing program\n", 18 [pid 7220] <... openat resumed>) = 4 [pid 7218] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] close(4 [pid 7221] <... write resumed>) = 18 [pid 7220] ioctl(4, LOOP_SET_FD, 3 [pid 7218] <... futex resumed>) = 1 [pid 7216] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 7221] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7216] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] rmdir("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7221] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7216] <... futex resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 7221] <... mprotect resumed>) = 0 [pid 7218] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7216] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7221] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7221] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./119/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./119") = 0 [pid 5871] mkdir("./120", 0777) = 0 [pid 7221] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7222 attached [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7222] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7221] <... clone3 resumed> => {parent_tid=[249]}, 88) = 249 [pid 5871] <... openat resumed>) = 3 [pid 7221] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7222] <... rseq resumed>) = 0 [pid 7221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] close(3 [pid 7222] set_robust_list(0x7f701fd149a0, 24 [pid 7221] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... set_robust_list resumed>) = 0 [pid 7221] <... futex resumed>) = 0 [pid 7222] rt_sigprocmask(SIG_SETMASK, [], [pid 7221] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7220] <... ioctl resumed>) = 0 [pid 7220] close(3) = 0 [pid 7220] close(4) = 0 [pid 7220] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7220] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 475.102715][ T7220] loop4: detected capacity change from 0 to 4096 [pid 7222] memfd_create("syzkaller", 0) = 3 [pid 7222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7223 attached [pid 7223] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7223] chdir("./120" [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 250 [pid 7223] <... chdir resumed>) = 0 [pid 7223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7223] setpgid(0, 0) = 0 [pid 7223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] <... umount2 resumed>) = 0 [pid 7223] <... openat resumed>) = 3 [pid 7223] write(3, "1000", 4) = 4 [pid 7223] close(3) = 0 [pid 7223] symlink("/dev/binderfs", "./binderfs" [pid 5869] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7223] <... symlink resumed>) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 executing program [pid 7223] write(1, "executing program\n", 18 [pid 5869] getdents64(4, [pid 7223] <... write resumed>) = 18 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7223] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] close(4 [pid 7223] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] rmdir("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7223] <... mmap resumed>) = 0x7f701fcf4000 [pid 5869] <... rmdir resumed>) = 0 [pid 7223] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7223] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./119/binderfs", [pid 7223] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] unlink("./119/binderfs"./strace-static-x86_64: Process 7224 attached ) = 0 [pid 7223] <... clone3 resumed> => {parent_tid=[251]}, 88) = 251 [pid 5869] getdents64(3, [pid 7223] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] close(3 [pid 7223] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 7223] <... futex resumed>) = 0 [pid 5869] rmdir("./119" [pid 7223] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./120", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7224] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3 [pid 7224] <... rseq resumed>) = 0 [pid 7224] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7224] memfd_create("syzkaller", 0) = 3 [pid 7224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7222] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7225 attached [pid 7225] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7225] chdir("./120") = 0 [pid 7225] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 249 [pid 7225] <... prctl resumed>) = 0 [pid 7225] setpgid(0, 0) = 0 [pid 7225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7225] write(3, "1000", 4) = 4 [pid 7225] close(3) = 0 [pid 7225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7225] write(1, "executing program\n", 18executing program ) = 18 [pid 7225] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7225] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7226 attached [pid 7220] <... mount resumed>) = 0 [pid 7220] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7226] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7225] <... clone3 resumed> => {parent_tid=[250]}, 88) = 250 [pid 7220] <... openat resumed>) = 3 [pid 7226] <... rseq resumed>) = 0 [pid 7225] rt_sigprocmask(SIG_SETMASK, [], [pid 7224] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7220] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7226] set_robust_list(0x7f701fd149a0, 24 [pid 7225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7220] <... chdir resumed>) = 0 [pid 7226] <... set_robust_list resumed>) = 0 [pid 7225] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7226] rt_sigprocmask(SIG_SETMASK, [], [pid 7225] <... futex resumed>) = 0 [pid 7220] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7220] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7220] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7220] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] <... futex resumed>) = 0 [pid 7226] memfd_create("syzkaller", 0 [pid 7225] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7226] <... memfd_create resumed>) = 3 [pid 7226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7219] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... futex resumed>) = 0 [pid 7219] <... futex resumed>) = 1 [pid 7220] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7219] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7220] <... openat resumed>) = 4 [pid 7220] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... futex resumed>) = 0 [pid 7219] <... futex resumed>) = 1 [pid 7220] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7219] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7222] <... write resumed>) = 2097152 [pid 7220] <... openat resumed>) = 5 [pid 7220] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7219] <... futex resumed>) = 0 [pid 7220] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7219] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... write resumed>) = 1116 [pid 7219] <... futex resumed>) = 0 [pid 7220] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] munmap(0x7f7017800000, 138412032 [pid 7219] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7220] <... futex resumed>) = 0 [pid 7219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7220] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7219] <... futex resumed>) = 0 [pid 7220] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7219] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7220] <... mmap resumed>) = 0x200000000000 [pid 7220] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7224] <... write resumed>) = 2097152 [pid 7220] <... futex resumed>) = 1 [pid 7224] munmap(0x7f7017800000, 138412032 [pid 7220] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] <... futex resumed>) = 0 [pid 7219] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7220] <... futex resumed>) = 0 [pid 7219] <... futex resumed>) = 1 [pid 7220] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7219] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7220] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7220] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7220] <... futex resumed>) = 0 [pid 7220] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7219] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... munmap resumed>) = 0 [pid 7219] <... futex resumed>) = 1 [pid 7222] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7219] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7220] <... futex resumed>) = 0 [pid 7222] <... openat resumed>) = 4 [pid 7220] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7222] ioctl(4, LOOP_SET_FD, 3 [pid 7224] <... munmap resumed>) = 0 [pid 7226] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7224] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7222] <... ioctl resumed>) = 0 [pid 7224] <... openat resumed>) = 4 [pid 7224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7222] close(3) = 0 [pid 7222] close(4 [pid 7224] close(3 [pid 7222] <... close resumed>) = 0 [pid 7224] <... close resumed>) = 0 [pid 7224] close(4 [pid 7222] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7222] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7224] <... close resumed>) = 0 [pid 7224] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7224] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7216] <... futex resumed>) = ? [pid 7218] +++ killed by SIGSEGV (core dumped) +++ [pid 7216] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=253, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [ 475.445706][ T7222] loop0: detected capacity change from 0 to 4096 [ 475.479547][ T7224] loop3: detected capacity change from 0 to 4096 [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7226] <... write resumed>) = 2097152 [pid 7226] munmap(0x7f7017800000, 138412032) = 0 [pid 7226] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7226] close(3) = 0 [pid 7226] close(4) = 0 [pid 7226] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 475.619609][ T7226] loop2: detected capacity change from 0 to 4096 [pid 7226] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7222] <... mount resumed>) = 0 [pid 7222] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7222] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7224] <... mount resumed>) = 0 [pid 7222] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7224] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7222] <... futex resumed>) = 1 [pid 7224] <... openat resumed>) = 3 [pid 7222] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7224] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7224] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7221] <... futex resumed>) = 0 [pid 7224] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7223] <... futex resumed>) = 0 [pid 7223] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7223] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7224] <... futex resumed>) = 1 [pid 7224] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7221] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... futex resumed>) = 0 [pid 7221] <... futex resumed>) = 1 [pid 7222] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7221] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7222] <... openat resumed>) = 4 [pid 7222] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7221] <... futex resumed>) = 0 [pid 7222] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7221] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7222] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7221] <... futex resumed>) = 0 [pid 7221] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7224] <... openat resumed>) = 4 [pid 7222] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = 0 [pid 7224] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... futex resumed>) = 1 [pid 7224] <... futex resumed>) = 1 [pid 7223] <... futex resumed>) = 0 [pid 7222] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7223] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7223] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7221] <... futex resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7221] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7221] <... futex resumed>) = 1 [pid 7222] <... futex resumed>) = 0 [pid 7221] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7224] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7222] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7222] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7222] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7224] <... openat resumed>) = 5 [pid 7221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7221] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7222] <... futex resumed>) = 0 [pid 7221] <... futex resumed>) = 1 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7222] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7221] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7224] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... mmap resumed>) = 0x200000000000 [pid 5870] <... openat resumed>) = 4 [pid 7224] <... futex resumed>) = 1 [pid 7223] <... futex resumed>) = 0 [pid 7222] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(4, "", [pid 7224] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7223] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7224] <... write resumed>) = 1116 [pid 7223] <... futex resumed>) = 0 [pid 7222] <... futex resumed>) = 1 [pid 7221] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7224] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7223] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7222] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7224] <... futex resumed>) = 0 [pid 7223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7221] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(4, [pid 7224] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7223] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7221] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7223] <... futex resumed>) = 0 [pid 7222] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7221] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(4, [pid 7224] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7223] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7222] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7224] <... mmap resumed>) = 0x200000000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7224] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7222] <... futex resumed>) = 0 [pid 7221] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(4 [pid 7221] <... futex resumed>) = 0 [pid 7221] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7224] <... futex resumed>) = 1 [pid 7223] <... futex resumed>) = 0 [pid 7222] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... rmdir resumed>) = 0 [pid 7224] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7223] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7224] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7223] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./119/binderfs", [pid 7223] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./119/binderfs") = 0 [pid 7224] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7224] <... futex resumed>) = 1 [pid 7223] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7224] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7223] ???( [pid 5870] close(3) = 0 [pid 5870] rmdir("./119" [pid 7219] <... futex resumed>) = ? [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./120", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 7220] +++ killed by SIGSEGV (core dumped) +++ [pid 7219] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] close(3 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=249, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7227 attached , child_tidptr=0x55557616a690) = 255 [pid 7227] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7227] chdir("./120") = 0 [pid 7227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7227] setpgid(0, 0) = 0 [pid 7227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7227] write(3, "1000", 4) = 4 [pid 7227] close(3) = 0 [pid 7227] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7227] write(1, "executing program\n", 18 [pid 7226] <... mount resumed>) = 0 [pid 7227] <... write resumed>) = 18 [pid 7226] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7227] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7226] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7226] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7227] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7226] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7227] <... mprotect resumed>) = 0 [pid 7226] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7226] <... futex resumed>) = 1 [pid 7226] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] <... futex resumed>) = 0 [pid 7227] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7225] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7228 attached => {parent_tid=[256]}, 88) = 256 [pid 7227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7227] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7227] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7228] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7228] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7228] memfd_create("syzkaller", 0 [pid 7226] <... futex resumed>) = 0 [pid 7225] <... futex resumed>) = 1 [pid 7226] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7225] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7228] <... memfd_create resumed>) = 3 [pid 7228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7226] <... openat resumed>) = 4 [pid 7226] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7226] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] <... futex resumed>) = 0 [pid 7225] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7226] <... futex resumed>) = 0 [pid 7225] <... futex resumed>) = 1 [pid 7226] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7225] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... umount2 resumed>) = 0 [pid 7226] <... openat resumed>) = 5 [pid 5872] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7226] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7226] <... futex resumed>) = 1 [pid 7226] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] <... futex resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7225] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7226] <... futex resumed>) = 0 [pid 7225] <... futex resumed>) = 1 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7226] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7226] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7226] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7228] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7225] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... openat resumed>) = 4 [pid 7225] <... futex resumed>) = 1 [pid 5872] newfstatat(4, "", [pid 7226] <... futex resumed>) = 0 [pid 7225] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7226] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5872] getdents64(4, [pid 7226] <... mmap resumed>) = 0x200000000000 [pid 7226] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7225] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7225] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(4, [pid 7225] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7225] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7226] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7226] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7226] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] close(4 [pid 7225] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... close resumed>) = 0 [pid 7225] <... futex resumed>) = 1 [pid 5872] rmdir("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7225] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7226] <... futex resumed>) = 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5872] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7226] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7228] <... write resumed>) = 2097152 [pid 5872] newfstatat(AT_FDCWD, "./119/binderfs", [pid 7221] <... futex resumed>) = ? [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7228] munmap(0x7f7017800000, 138412032 [pid 7222] +++ killed by SIGSEGV (core dumped) +++ [pid 7221] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] unlink("./119/binderfs" [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=248, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 5872] <... unlink resumed>) = 0 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./119") = 0 [pid 5872] mkdir("./120", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] <... restart_syscall resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5868] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5868] newfstatat(3, "", [pid 5872] <... ioctl resumed>) = 0 [pid 7228] <... munmap resumed>) = 0 [pid 5872] close(3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7228] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7223] <... ??? resumed>) = ? [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7228] <... openat resumed>) = 4 [pid 7224] +++ killed by SIGSEGV (core dumped) +++ [pid 7223] +++ killed by SIGSEGV (core dumped) +++ [pid 7228] ioctl(4, LOOP_SET_FD, 3 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=250, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5871] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 7228] <... ioctl resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7228] close(3./strace-static-x86_64: Process 7229 attached ) = 0 [pid 7228] close(4 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 251 [ 476.221852][ T7228] loop1: detected capacity change from 0 to 4096 [pid 7229] set_robust_list(0x55557616a6a0, 24 [pid 7228] <... close resumed>) = 0 [pid 7229] <... set_robust_list resumed>) = 0 [pid 7229] chdir("./120" [pid 7228] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7229] <... chdir resumed>) = 0 [pid 7229] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7228] <... mkdir resumed>) = 0 [pid 7229] <... prctl resumed>) = 0 [pid 7229] setpgid(0, 0 [pid 7228] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7229] <... setpgid resumed>) = 0 [pid 7229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7229] write(3, "1000", 4) = 4 [pid 7229] close(3) = 0 executing program [pid 7229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7229] write(1, "executing program\n", 18) = 18 [pid 7229] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7229] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7230 attached => {parent_tid=[252]}, 88) = 252 [pid 7229] rt_sigprocmask(SIG_SETMASK, [], [pid 7230] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7229] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] <... rseq resumed>) = 0 [pid 7230] set_robust_list(0x7f701fd149a0, 24 [pid 7229] <... futex resumed>) = 0 [pid 7230] <... set_robust_list resumed>) = 0 [pid 7230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7229] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7230] memfd_create("syzkaller", 0) = 3 [pid 5871] <... umount2 resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7230] <... mmap resumed>) = 0x7f7017800000 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 4 [pid 5871] newfstatat(4, "", [pid 5868] newfstatat(4, "", [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 5868] getdents64(4, [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] close(4 [pid 5868] getdents64(4, [pid 5871] <... close resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] close(4 [pid 5871] <... rmdir resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5871] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] rmdir("\x2e\x2f\x31\x31\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./120/binderfs", [pid 5868] <... rmdir resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] unlink("./120/binderfs" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... unlink resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./119/binderfs", [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] close(3 [pid 5868] unlink("./119/binderfs" [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./120" [pid 5868] <... unlink resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5868] getdents64(3, [pid 5871] mkdir("./121", 0777 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3 [pid 5871] <... mkdir resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5868] rmdir("./119" [pid 5871] <... openat resumed>) = 3 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./120", 0777 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5871] close(3 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7230] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... close resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 7225] <... futex resumed>) = ? [pid 7226] +++ killed by SIGSEGV (core dumped) +++ [pid 7225] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7232 attached ./strace-static-x86_64: Process 7231 attached [pid 7230] <... write resumed>) = 2097152 [pid 7228] <... mount resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=249, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 7232] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 252 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 250 [pid 7231] set_robust_list(0x55557616a6a0, 24 [pid 7228] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7231] <... set_robust_list resumed>) = 0 [pid 5869] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7232] <... set_robust_list resumed>) = 0 [pid 7231] chdir("./121" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7232] chdir("./120" [pid 7231] <... chdir resumed>) = 0 [pid 7230] munmap(0x7f7017800000, 138412032 [pid 7228] <... openat resumed>) = 3 [pid 5869] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7232] <... chdir resumed>) = 0 [pid 7231] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7232] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] <... openat resumed>) = 3 [pid 7231] <... prctl resumed>) = 0 [pid 7232] <... prctl resumed>) = 0 [pid 7231] setpgid(0, 0 [pid 7230] <... munmap resumed>) = 0 [pid 7228] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] newfstatat(3, "", [pid 7232] setpgid(0, 0 [pid 7231] <... setpgid resumed>) = 0 [pid 7232] <... setpgid resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7228] <... chdir resumed>) = 0 [pid 5869] getdents64(3, [pid 7231] write(3, "1000", 4 [pid 7230] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7232] <... openat resumed>) = 3 [pid 7231] <... write resumed>) = 4 [pid 7230] <... openat resumed>) = 4 [pid 7228] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7231] close(3) = 0 [pid 7230] ioctl(4, LOOP_SET_FD, 3 [pid 7228] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7231] symlink("/dev/binderfs", "./binderfs" [pid 7228] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7227] <... futex resumed>) = 0 [pid 7228] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7227] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7232] write(3, "1000", 4 [pid 7231] <... symlink resumed>) = 0 [pid 7227] <... futex resumed>) = 0 [pid 7232] <... write resumed>) = 4 [pid 7231] write(1, "executing program\n", 18 [pid 7232] close(3 [pid 7231] <... write resumed>) = 18 [pid 7232] <... close resumed>) = 0 [pid 7227] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7231] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7232] symlink("/dev/binderfs", "./binderfs" [pid 7231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7230] <... ioctl resumed>) = 0 executing program [pid 7232] <... symlink resumed>) = 0 [pid 7231] <... mmap resumed>) = 0x7f701fcf4000 [pid 7230] close(3 [pid 7232] write(1, "executing program\n", 18 [pid 7231] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7232] <... write resumed>) = 18 [pid 7230] <... close resumed>) = 0 [pid 7232] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] <... mprotect resumed>) = 0 [pid 7228] <... openat resumed>) = 4 [pid 7230] close(4 [pid 7231] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7230] <... close resumed>) = 0 [pid 7230] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7232] <... futex resumed>) = 0 [pid 7231] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7230] <... mkdir resumed>) = 0 [pid 7228] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7230] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7232] <... mmap resumed>) = 0x7f701fcf4000 [pid 7228] <... futex resumed>) = 1 [pid 7227] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7233 attached [pid 7232] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7231] <... clone3 resumed> => {parent_tid=[253]}, 88) = 253 [pid 7228] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7227] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [ 476.503685][ T7230] loop4: detected capacity change from 0 to 4096 [pid 7233] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7232] <... mprotect resumed>) = 0 [pid 7231] rt_sigprocmask(SIG_SETMASK, [], [pid 7228] <... openat resumed>) = 5 [pid 7227] <... futex resumed>) = 0 [pid 7233] set_robust_list(0x7f701fd149a0, 24 [pid 7232] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7233] <... set_robust_list resumed>) = 0 [pid 7231] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7228] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7232] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7231] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7228] <... futex resumed>) = 0 [pid 7227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7233] rt_sigprocmask(SIG_SETMASK, [], [pid 7232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7228] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7227] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7228] <... write resumed>) = 1116 [pid 7227] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7234 attached [pid 7233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7228] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7228] <... futex resumed>) = 0 [pid 7227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7228] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7227] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7228] <... mmap resumed>) = 0x200000000000 [pid 7227] <... futex resumed>) = 0 [pid 7233] memfd_create("syzkaller", 0 [pid 7228] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7228] <... futex resumed>) = 0 [pid 7227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7228] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7227] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7228] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7227] <... futex resumed>) = 0 [pid 7228] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7227] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7228] <... futex resumed>) = 0 [pid 7227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7228] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7227] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7234] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7232] <... clone3 resumed> => {parent_tid=[251]}, 88) = 251 [pid 7234] <... rseq resumed>) = 0 [pid 7233] <... memfd_create resumed>) = 3 [pid 7232] rt_sigprocmask(SIG_SETMASK, [], [pid 7234] set_robust_list(0x7f701fd149a0, 24 [pid 7233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7234] <... set_robust_list resumed>) = 0 [pid 7234] rt_sigprocmask(SIG_SETMASK, [], [pid 7233] <... mmap resumed>) = 0x7f7017800000 [pid 7232] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7234] memfd_create("syzkaller", 0) = 3 [pid 7232] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7234] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7233] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7230] <... mount resumed>) = 0 [pid 7230] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7230] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7230] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7230] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 7230] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7229] <... futex resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7230] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7229] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... rmdir resumed>) = 0 [pid 7230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7229] <... futex resumed>) = 0 [pid 7230] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7229] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7230] <... openat resumed>) = 4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./120/binderfs") = 0 [pid 7230] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./120" [pid 7230] <... futex resumed>) = 1 [pid 7229] <... futex resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7230] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7229] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7229] <... futex resumed>) = 0 [pid 7230] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7229] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] mkdir("./121", 0777 [pid 7234] <... write resumed>) = 2097152 [pid 5869] <... mkdir resumed>) = 0 [pid 7234] munmap(0x7f7017800000, 138412032 [pid 7230] <... openat resumed>) = 5 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7230] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7233] <... write resumed>) = 2097152 [pid 7230] <... futex resumed>) = 1 [pid 7229] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7229] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7229] <... futex resumed>) = 0 [pid 7229] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7234] <... munmap resumed>) = 0 [pid 7233] munmap(0x7f7017800000, 138412032 [pid 7230] <... write resumed>) = 1116 [pid 7234] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7233] <... munmap resumed>) = 0 [pid 7230] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7234] <... openat resumed>) = 4 [pid 7233] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7230] <... futex resumed>) = 1 [pid 7229] <... futex resumed>) = 0 [pid 7234] ioctl(4, LOOP_SET_FD, 3 [pid 7229] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7234] <... ioctl resumed>) = 0 [pid 7229] <... futex resumed>) = 0 [pid 7233] <... openat resumed>) = 4 [pid 7230] <... mmap resumed>) = 0x200000000000 [pid 7229] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7233] ioctl(4, LOOP_SET_FD, 3 [pid 7230] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7229] <... futex resumed>) = 0 [pid 7230] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7229] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7230] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7229] <... futex resumed>) = 0 [pid 7229] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7230] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7229] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7230] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7229] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7229] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7235 attached [pid 7234] close(3 [pid 7233] <... ioctl resumed>) = 0 [pid 7235] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 251 [pid 7235] <... set_robust_list resumed>) = 0 [pid 7233] close(3 [pid 7235] chdir("./121" [pid 7233] <... close resumed>) = 0 [pid 7233] close(4 [pid 7235] <... chdir resumed>) = 0 [pid 7235] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7233] <... close resumed>) = 0 [pid 7235] <... prctl resumed>) = 0 [pid 7235] setpgid(0, 0) = 0 [pid 7235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7234] <... close resumed>) = 0 [pid 7233] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7234] close(4 [pid 7233] <... mkdir resumed>) = 0 [pid 7235] <... openat resumed>) = 3 [pid 7234] <... close resumed>) = 0 [ 476.799167][ T7234] loop0: detected capacity change from 0 to 4096 [ 476.808850][ T7233] loop3: detected capacity change from 0 to 4096 [pid 7233] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7235] write(3, "1000", 4) = 4 [pid 7235] close(3 [pid 7234] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777executing program [pid 7235] <... close resumed>) = 0 [pid 7234] <... mkdir resumed>) = 0 [pid 7234] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7235] write(1, "executing program\n", 18) = 18 [pid 7235] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7235] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[252]}, 88) = 252 [pid 7235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7235] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7236 attached ) = 0 [pid 7235] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7236] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7236] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7236] memfd_create("syzkaller", 0) = 3 [pid 7236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7227] <... futex resumed>) = ? [pid 7228] +++ killed by SIGSEGV (core dumped) +++ [pid 7227] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=255, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7236] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7234] <... mount resumed>) = 0 [pid 7234] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7234] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7234] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7232] <... futex resumed>) = 0 [pid 7234] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7232] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7232] <... futex resumed>) = 0 [pid 7232] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7234] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7236] <... write resumed>) = 2097152 [pid 7234] <... openat resumed>) = 4 [pid 5870] <... umount2 resumed>) = 0 [pid 7236] munmap(0x7f7017800000, 138412032 [pid 7234] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7236] <... munmap resumed>) = 0 [pid 7234] <... futex resumed>) = 1 [pid 7232] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7236] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7232] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7236] <... openat resumed>) = 4 [pid 7236] ioctl(4, LOOP_SET_FD, 3 [pid 7234] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7233] <... mount resumed>) = 0 [pid 7232] <... futex resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7232] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7233] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7234] <... openat resumed>) = 5 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7234] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7233] <... openat resumed>) = 3 [pid 7233] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7234] <... futex resumed>) = 1 [pid 7232] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7234] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7233] <... chdir resumed>) = 0 [pid 7232] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7233] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7232] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 4 [pid 7234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7233] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7232] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(4, "", [pid 7236] <... ioctl resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7236] close(3) = 0 [pid 7236] close(4) = 0 [pid 7236] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7236] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7234] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7233] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(4, [pid 7234] <... write resumed>) = 1116 [pid 7233] <... futex resumed>) = 1 [pid 7231] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7234] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7233] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7231] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(4 [pid 7234] <... futex resumed>) = 1 [pid 7233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7232] <... futex resumed>) = 0 [pid 7231] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7234] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7233] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7232] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] rmdir("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7232] <... futex resumed>) = 0 [pid 7232] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7234] <... mmap resumed>) = 0x200000000000 [pid 5870] <... rmdir resumed>) = 0 [pid 7234] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7234] <... futex resumed>) = 1 [pid 7232] <... futex resumed>) = 0 [pid 7234] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7232] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7232] <... futex resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./120/binderfs", [pid 7232] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7234] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5870] unlink("./120/binderfs") = 0 [pid 7234] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] getdents64(3, [pid 7234] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7234] <... futex resumed>) = 1 [pid 7232] <... futex resumed>) = 0 [pid 5870] close(3 [pid 7234] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7232] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7232] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7234] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7232] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] rmdir("./120" [pid 7233] <... openat resumed>) = 4 [pid 7233] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rmdir resumed>) = 0 [pid 7233] <... futex resumed>) = 1 [pid 7231] <... futex resumed>) = 0 [pid 5870] mkdir("./121", 0777 [pid 7231] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... mkdir resumed>) = 0 [pid 7231] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7231] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... openat resumed>) = 3 [pid 7233] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 477.119301][ T7236] loop2: detected capacity change from 0 to 4096 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7233] <... openat resumed>) = 5 [pid 7233] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7231] <... futex resumed>) = 0 [pid 7233] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7231] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7233] <... write resumed>) = 1116 [pid 7231] <... futex resumed>) = 0 [pid 7230] +++ killed by SIGSEGV (core dumped) +++ [pid 7229] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=251, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 7233] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7233] <... futex resumed>) = 0 [pid 7231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7233] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7231] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7231] <... futex resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... close resumed>) = 0 [pid 7233] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7231] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7233] <... mmap resumed>) = 0x200000000000 [pid 7233] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", [pid 7233] <... futex resumed>) = 1 [pid 7231] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7233] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7231] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7233] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7231] <... futex resumed>) = 0 [pid 5872] getdents64(3, [pid 7233] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7231] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7233] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7237 attached [pid 7233] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7231] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7231] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 257 [pid 7233] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7237] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7237] chdir("./121") = 0 [pid 7237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7237] setpgid(0, 0) = 0 [pid 7237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7237] write(3, "1000", 4) = 4 [pid 7237] close(3 [pid 7236] <... mount resumed>) = 0 [pid 7237] <... close resumed>) = 0 [pid 7237] symlink("/dev/binderfs", "./binderfs" [pid 7236] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7237] <... symlink resumed>) = 0 [pid 7236] <... openat resumed>) = 3 executing program [pid 7236] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7237] write(1, "executing program\n", 18 [pid 7236] <... chdir resumed>) = 0 [pid 7237] <... write resumed>) = 18 [pid 7236] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7237] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7236] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7237] <... futex resumed>) = 0 [pid 7236] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7236] <... futex resumed>) = 1 [pid 7235] <... futex resumed>) = 0 [pid 7237] <... mmap resumed>) = 0x7f701fcf4000 [pid 7236] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7235] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7237] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7235] <... futex resumed>) = 0 [pid 7237] <... mprotect resumed>) = 0 [pid 7236] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7237] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7235] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7237] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7238 attached => {parent_tid=[258]}, 88) = 258 [pid 7238] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7237] rt_sigprocmask(SIG_SETMASK, [], [pid 7238] <... rseq resumed>) = 0 [pid 7237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7237] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7238] set_robust_list(0x7f701fd149a0, 24 [pid 7237] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7238] <... set_robust_list resumed>) = 0 [pid 7238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7238] memfd_create("syzkaller", 0) = 3 [pid 7238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7236] <... openat resumed>) = 4 [pid 7236] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7235] <... futex resumed>) = 0 [pid 7235] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7235] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7236] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7236] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7235] <... futex resumed>) = 0 [pid 7235] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7235] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7236] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7236] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7236] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7235] <... futex resumed>) = 0 [pid 7235] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7236] <... futex resumed>) = 0 [pid 7235] <... futex resumed>) = 1 [pid 7236] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7235] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7236] <... mmap resumed>) = 0x200000000000 [pid 7236] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7235] <... futex resumed>) = 0 [pid 7235] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7236] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7235] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7236] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7236] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7235] <... futex resumed>) = 0 [pid 7235] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7236] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7235] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7238] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./120/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./120") = 0 [pid 5872] mkdir("./121", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7238] <... write resumed>) = 2097152 [pid 7232] <... futex resumed>) = ? [pid 7238] munmap(0x7f7017800000, 138412032 [pid 7234] +++ killed by SIGSEGV (core dumped) +++ [pid 7232] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=250, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7238] <... munmap resumed>) = 0 [pid 7238] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7238] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7239 attached , child_tidptr=0x55557616a690) = 253 [pid 7238] <... ioctl resumed>) = 0 [pid 7239] set_robust_list(0x55557616a6a0, 24 [pid 7238] close(3) = 0 [pid 7239] <... set_robust_list resumed>) = 0 [pid 7238] close(4 [pid 7239] chdir("./121" [pid 7238] <... close resumed>) = 0 [pid 7238] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7239] <... chdir resumed>) = 0 [pid 7239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7239] setpgid(0, 0) = 0 [pid 7239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7238] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7239] <... openat resumed>) = 3 executing program [pid 7239] write(3, "1000", 4) = 4 [pid 7239] close(3) = 0 [pid 7239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7239] write(1, "executing program\n", 18) = 18 [pid 7239] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7239] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7231] <... futex resumed>) = ? [pid 7239] <... clone3 resumed> => {parent_tid=[254]}, 88) = 254 ./strace-static-x86_64: Process 7240 attached [pid 7239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7239] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 477.527309][ T7238] loop1: detected capacity change from 0 to 4096 [pid 7240] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7239] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7240] <... rseq resumed>) = 0 [pid 7240] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7233] +++ killed by SIGSEGV (core dumped) +++ [pid 7231] +++ killed by SIGSEGV (core dumped) +++ [pid 7240] memfd_create("syzkaller", 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=252, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [pid 7240] <... memfd_create resumed>) = 3 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x32\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./120/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 7238] <... mount resumed>) = 0 [pid 5868] rmdir("./120" [pid 7238] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./121", 0777 [pid 7238] <... openat resumed>) = 3 [pid 7238] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7238] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7240] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7238] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7237] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7237] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7237] <... futex resumed>) = 0 [pid 7237] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 7238] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7238] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7238] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7237] <... futex resumed>) = 0 [pid 7237] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7238] <... futex resumed>) = 0 [pid 7238] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7237] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7238] <... openat resumed>) = 5 [pid 5871] <... umount2 resumed>) = 0 [pid 7238] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7237] <... futex resumed>) = 0 [pid 7237] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7237] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7238] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7238] <... write resumed>) = 1116 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7238] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7237] <... futex resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... close resumed>) = 0 [pid 7237] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7238] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0./strace-static-x86_64: Process 7241 attached ) = 0x200000000000 [pid 7238] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7237] <... futex resumed>) = 0 [pid 7237] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7238] <... futex resumed>) = 1 [pid 7238] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7238] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7237] <... futex resumed>) = 0 [pid 7237] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7237] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7238] <... futex resumed>) = 1 [pid 7238] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7241] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... openat resumed>) = 4 [pid 7241] <... set_robust_list resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 252 [pid 5871] newfstatat(4, "", [pid 7241] chdir("./121" [pid 7235] <... futex resumed>) = ? [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7241] <... chdir resumed>) = 0 [pid 5871] getdents64(4, [pid 7236] +++ killed by SIGSEGV (core dumped) +++ [pid 7241] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7235] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7241] <... prctl resumed>) = 0 [pid 5871] getdents64(4, [pid 7241] setpgid(0, 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=251, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- [pid 7241] <... setpgid resumed>) = 0 [pid 5871] close(4) = 0 [pid 5869] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] rmdir("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... openat resumed>) = 3 [pid 7241] <... openat resumed>) = 3 [pid 7240] <... write resumed>) = 2097152 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(3, "", [pid 7241] write(3, "1000", 4 [pid 7240] munmap(0x7f7017800000, 138412032 [pid 5871] newfstatat(AT_FDCWD, "./121/binderfs", [pid 7241] <... write resumed>) = 4 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7241] close(3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] getdents64(3, [pid 5871] unlink("./121/binderfs" [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... unlink resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7241] <... close resumed>) = 0 [pid 5871] getdents64(3, [pid 7241] symlink("/dev/binderfs", "./binderfs" [pid 7240] <... munmap resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7241] <... symlink resumed>) = 0 [pid 7240] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] close(3executing program [pid 7241] write(1, "executing program\n", 18 [pid 7240] <... openat resumed>) = 4 [pid 5871] <... close resumed>) = 0 [pid 7241] <... write resumed>) = 18 [pid 7240] ioctl(4, LOOP_SET_FD, 3 [pid 5871] rmdir("./121" [pid 7241] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] mkdir("./122", 0777 [pid 7241] <... futex resumed>) = 0 [pid 7241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... mkdir resumed>) = 0 [pid 7241] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7241] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7241] <... mprotect resumed>) = 0 [pid 5871] close(3 [pid 7241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7240] <... ioctl resumed>) = 0 [pid 7241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7242 attached => {parent_tid=[253]}, 88) = 253 [pid 7240] close(3 [pid 7241] rt_sigprocmask(SIG_SETMASK, [], [pid 7240] <... close resumed>) = 0 [pid 7242] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7241] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7240] close(4 [pid 7242] <... rseq resumed>) = 0 [pid 7241] <... futex resumed>) = 0 [pid 7240] <... close resumed>) = 0 [pid 7241] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7242] set_robust_list(0x7f701fd149a0, 24 [pid 7240] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7242] <... set_robust_list resumed>) = 0 [pid 7240] <... mkdir resumed>) = 0 [pid 7242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7242] memfd_create("syzkaller", 0 [ 477.891615][ T7240] loop4: detected capacity change from 0 to 4096 [pid 7240] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7242] <... memfd_create resumed>) = 3 [pid 7242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... close resumed>) = 0 [pid 7242] <... mmap resumed>) = 0x7f7017800000 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7243 attached [pid 7243] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 254 [pid 7243] <... set_robust_list resumed>) = 0 [pid 7243] chdir("./122") = 0 [pid 7243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7243] setpgid(0, 0) = 0 [pid 7243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5869] <... umount2 resumed>) = 0 [pid 7243] <... openat resumed>) = 3 [pid 5869] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7243] write(3, "1000", 4 [pid 5869] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7243] <... write resumed>) = 4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7243] close(3 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7243] <... close resumed>) = 0 [pid 5869] newfstatat(4, "", [pid 7243] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7243] <... symlink resumed>) = 0 [pid 5869] getdents64(4, [pid 7243] write(1, "executing program\n", 18 [pid 7242] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 executing program [pid 7243] <... write resumed>) = 18 [pid 5869] getdents64(4, [pid 7243] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 7243] <... futex resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7243] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7243] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./121/binderfs") = 0 [pid 5869] getdents64(3, [pid 7243] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7243] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5869] close(3) = 0 [pid 5869] rmdir("./121"./strace-static-x86_64: Process 7244 attached [pid 7244] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7243] <... clone3 resumed> => {parent_tid=[255]}, 88) = 255 [pid 5869] <... rmdir resumed>) = 0 [pid 7244] <... rseq resumed>) = 0 [pid 7243] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] mkdir("./122", 0777 [pid 7243] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 7243] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7243] <... futex resumed>) = 0 [pid 7244] set_robust_list(0x7f701fd149a0, 24 [pid 7243] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 3 [pid 7244] <... set_robust_list resumed>) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7244] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3 [pid 7244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7244] memfd_create("syzkaller", 0) = 3 [pid 7244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7240] <... mount resumed>) = 0 [pid 7237] <... futex resumed>) = ? [pid 7240] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7240] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7242] <... write resumed>) = 2097152 [pid 5869] <... close resumed>) = 0 [pid 7240] <... chdir resumed>) = 0 [pid 7240] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7242] munmap(0x7f7017800000, 138412032 [pid 7240] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7240] <... futex resumed>) = 1 [pid 7239] <... futex resumed>) = 0 [pid 7240] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7239] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7239] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7245 attached [pid 7238] +++ killed by SIGSEGV (core dumped) +++ [pid 7237] +++ killed by SIGSEGV (core dumped) +++ [pid 7245] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=257, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 253 [pid 7245] chdir("./122" [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7242] <... munmap resumed>) = 0 [pid 7245] <... chdir resumed>) = 0 [pid 7245] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7240] <... openat resumed>) = 4 [pid 5870] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7240] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7245] <... prctl resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7240] <... futex resumed>) = 1 [pid 7245] setpgid(0, 0 [pid 7242] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7239] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7245] <... setpgid resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7242] <... openat resumed>) = 4 [pid 7239] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7239] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7245] <... openat resumed>) = 3 [pid 5870] getdents64(3, [pid 7242] ioctl(4, LOOP_SET_FD, 3 [pid 7240] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7240] <... openat resumed>) = 5 [pid 7240] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7239] <... futex resumed>) = 0 [pid 7239] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7239] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7240] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7240] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7239] <... futex resumed>) = 0 [pid 7239] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7239] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7240] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7245] write(3, "1000", 4 [pid 7244] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7240] <... mmap resumed>) = 0x200000000000 [pid 7245] <... write resumed>) = 4 [pid 7240] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7245] close(3 [pid 7242] <... ioctl resumed>) = 0 [pid 7245] <... close resumed>) = 0 [pid 7245] symlink("/dev/binderfs", "./binderfs" [pid 7240] <... futex resumed>) = 1 [pid 7239] <... futex resumed>) = 0 [pid 7239] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7245] <... symlink resumed>) = 0 [pid 7239] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7245] write(1, "executing program\n", 18 [pid 7242] close(3 [pid 7240] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7245] <... write resumed>) = 18 [pid 7242] <... close resumed>) = 0 [pid 7240] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7245] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7242] close(4 [pid 7245] <... futex resumed>) = 0 [pid 7242] <... close resumed>) = 0 [pid 7240] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7242] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7240] <... futex resumed>) = 1 [pid 7239] <... futex resumed>) = 0 [pid 7239] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 478.203018][ T7242] loop0: detected capacity change from 0 to 4096 [pid 7239] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7245] <... mmap resumed>) = 0x7f701fcf4000 [pid 7242] <... mkdir resumed>) = 0 [pid 7240] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7245] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7242] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7245] <... mprotect resumed>) = 0 [pid 7245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7246 attached [pid 7246] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7245] <... clone3 resumed> => {parent_tid=[254]}, 88) = 254 [pid 7246] <... rseq resumed>) = 0 [pid 7245] rt_sigprocmask(SIG_SETMASK, [], [pid 7246] set_robust_list(0x7f701fd149a0, 24 [pid 7245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7246] <... set_robust_list resumed>) = 0 [pid 7245] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7246] rt_sigprocmask(SIG_SETMASK, [], [pid 7245] <... futex resumed>) = 0 [pid 7246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7245] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7246] memfd_create("syzkaller", 0) = 3 [pid 7244] <... write resumed>) = 2097152 [pid 7246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7244] munmap(0x7f7017800000, 138412032) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 7244] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5870] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7244] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./121/binderfs") = 0 [pid 7246] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./121") = 0 [pid 5870] mkdir("./122", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7244] <... ioctl resumed>) = 0 [ 478.375946][ T7244] loop3: detected capacity change from 0 to 4096 [pid 7244] close(3) = 0 [pid 7244] close(4) = 0 [pid 7244] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7244] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7247 attached [pid 7247] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 259 [pid 7247] chdir("./122" [pid 7246] <... write resumed>) = 2097152 [pid 7247] <... chdir resumed>) = 0 [pid 7247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7247] setpgid(0, 0) = 0 [pid 7247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7246] munmap(0x7f7017800000, 138412032 [pid 7247] <... openat resumed>) = 3 [pid 7247] write(3, "1000", 4) = 4 [pid 7247] close(3) = 0 executing program [pid 7247] symlink("/dev/binderfs", "./binderfs" [pid 7242] <... mount resumed>) = 0 [pid 7242] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7247] <... symlink resumed>) = 0 [pid 7242] <... openat resumed>) = 3 [pid 7247] write(1, "executing program\n", 18 [pid 7242] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7247] <... write resumed>) = 18 [pid 7242] <... chdir resumed>) = 0 [pid 7242] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7247] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7246] <... munmap resumed>) = 0 [pid 7242] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7242] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7247] <... futex resumed>) = 0 [pid 7242] <... futex resumed>) = 1 [pid 7241] <... futex resumed>) = 0 [pid 7242] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7241] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7241] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7247] <... mmap resumed>) = 0x7f701fcf4000 [pid 7247] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7246] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7247] <... mprotect resumed>) = 0 [pid 7246] <... openat resumed>) = 4 [pid 7246] ioctl(4, LOOP_SET_FD, 3 [pid 7247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7248 attached [pid 7242] <... openat resumed>) = 4 [pid 7247] <... clone3 resumed> => {parent_tid=[260]}, 88) = 260 [pid 7248] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7247] rt_sigprocmask(SIG_SETMASK, [], [pid 7248] <... rseq resumed>) = 0 [pid 7247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7242] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7248] set_robust_list(0x7f701fd149a0, 24 [pid 7247] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7242] <... futex resumed>) = 1 [pid 7241] <... futex resumed>) = 0 [pid 7248] <... set_robust_list resumed>) = 0 [pid 7247] <... futex resumed>) = 0 [pid 7242] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7241] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7248] rt_sigprocmask(SIG_SETMASK, [], [pid 7247] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7241] <... futex resumed>) = 0 [pid 7248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7242] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7241] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7248] memfd_create("syzkaller", 0 [pid 7242] <... openat resumed>) = 5 [pid 7248] <... memfd_create resumed>) = 3 [pid 7242] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7241] <... futex resumed>) = 0 [pid 7241] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7241] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7242] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7248] <... mmap resumed>) = 0x7f7017800000 [pid 7242] <... write resumed>) = 1116 [pid 7242] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7241] <... futex resumed>) = 0 [pid 7241] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7241] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7246] <... ioctl resumed>) = 0 [pid 7242] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7242] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7241] <... futex resumed>) = 0 [pid 7241] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7241] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7246] close(3) = 0 [pid 7242] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7246] close(4 [pid 7242] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7246] <... close resumed>) = 0 [pid 7242] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7246] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7242] <... futex resumed>) = 1 [pid 7241] <... futex resumed>) = 0 [pid 7241] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7246] <... mkdir resumed>) = 0 [ 478.553740][ T7246] loop2: detected capacity change from 0 to 4096 [pid 7241] <... futex resumed>) = 0 [pid 7246] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7242] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7248] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7244] <... mount resumed>) = 0 [pid 7244] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7244] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7244] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7244] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7244] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7243] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7239] <... futex resumed>) = ? [pid 7244] <... openat resumed>) = 4 [pid 7244] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7243] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7244] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7240] +++ killed by SIGSEGV (core dumped) +++ [pid 7239] +++ killed by SIGSEGV (core dumped) +++ [pid 7244] <... openat resumed>) = 5 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=253, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7244] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7244] <... futex resumed>) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7243] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7244] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7244] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7244] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7243] <... futex resumed>) = 0 [pid 7243] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7244] <... futex resumed>) = 0 [pid 7244] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7244] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7243] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7244] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7244] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7243] <... futex resumed>) = 0 [pid 7243] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7243] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7244] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7248] <... write resumed>) = 2097152 [pid 7246] <... mount resumed>) = 0 [pid 7246] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7248] munmap(0x7f7017800000, 138412032 [pid 7246] <... openat resumed>) = 3 [pid 7246] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7246] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7248] <... munmap resumed>) = 0 [pid 7246] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] <... umount2 resumed>) = 0 [pid 7246] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7245] <... futex resumed>) = 0 [pid 7245] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7245] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7246] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7248] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7248] ioctl(4, LOOP_SET_FD, 3 [pid 5872] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./121/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./121") = 0 [pid 5872] mkdir("./122", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7248] <... ioctl resumed>) = 0 [pid 7246] <... openat resumed>) = 4 [pid 7245] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7245] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7248] close(3 [pid 7246] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7245] <... futex resumed>) = 0 [pid 7248] <... close resumed>) = 0 [pid 7245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7248] close(4) = 0 [pid 7245] <... mmap resumed>) = 0x7f701fcd3000 [pid 7245] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7248] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7248] <... mkdir resumed>) = 0 [pid 7245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} [pid 7248] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7246] <... futex resumed>) = 0 [ 478.840482][ T7248] loop1: detected capacity change from 0 to 4096 ./strace-static-x86_64: Process 7249 attached [pid 7246] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7249] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7245] <... clone3 resumed> => {parent_tid=[255]}, 88) = 255 [pid 7249] <... rseq resumed>) = 0 [pid 7249] set_robust_list(0x7f701fcf39a0, 24 [pid 7245] rt_sigprocmask(SIG_SETMASK, [], [pid 7249] <... set_robust_list resumed>) = 0 [pid 7245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7249] rt_sigprocmask(SIG_SETMASK, [], [pid 7245] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7245] <... futex resumed>) = 0 [pid 7245] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7249] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7249] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7245] <... futex resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7249] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7245] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7246] <... futex resumed>) = 0 [pid 7245] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7246] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7246] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 255 ./strace-static-x86_64: Process 7250 attached [pid 7250] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7250] chdir("./122") = 0 [pid 7250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7250] setpgid(0, 0) = 0 [pid 7246] <... futex resumed>) = 1 [pid 7245] <... futex resumed>) = 0 [pid 7250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7250] write(3, "1000", 4 [pid 7246] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7245] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7250] <... write resumed>) = 4 [pid 7245] <... futex resumed>) = 0 [pid 7250] close(3executing program ) = 0 [pid 7246] <... mmap resumed>) = 0x200000000000 [pid 7245] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7250] write(1, "executing program\n", 18) = 18 [pid 7250] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7248] <... mount resumed>) = 0 [pid 7246] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7246] <... futex resumed>) = 1 [pid 7250] <... mmap resumed>) = 0x7f701fcf4000 [pid 7246] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7245] <... futex resumed>) = 0 [pid 7250] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7245] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7250] <... mprotect resumed>) = 0 [pid 7250] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7246] <... futex resumed>) = 0 [pid 7245] <... futex resumed>) = 1 [pid 7250] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7248] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7245] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7248] <... openat resumed>) = 3 [pid 7246] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7246] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7245] <... futex resumed>) = 0 [pid 7250] <... clone3 resumed> => {parent_tid=[256]}, 88) = 256 [pid 7246] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7245] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7251 attached [pid 7250] rt_sigprocmask(SIG_SETMASK, [], [pid 7246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7245] <... futex resumed>) = 0 [pid 7251] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7246] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7251] <... rseq resumed>) = 0 [pid 7250] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7248] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7251] set_robust_list(0x7f701fd149a0, 24 [pid 7250] <... futex resumed>) = 0 [pid 7251] <... set_robust_list resumed>) = 0 [pid 7250] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7251] memfd_create("syzkaller", 0) = 3 [pid 7251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7248] <... chdir resumed>) = 0 [pid 7248] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7248] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7247] <... futex resumed>) = 0 [pid 7248] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7247] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7247] <... futex resumed>) = 0 [pid 7248] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7247] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7248] <... openat resumed>) = 4 [pid 7248] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7242] +++ killed by SIGSEGV (core dumped) +++ [pid 7241] +++ killed by SIGSEGV (core dumped) +++ [pid 7248] <... futex resumed>) = 1 [pid 7247] <... futex resumed>) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=252, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 7248] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7247] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7247] <... futex resumed>) = 0 [pid 7248] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7247] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7248] <... openat resumed>) = 5 [pid 5868] <... restart_syscall resumed>) = 0 [pid 7248] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7247] <... futex resumed>) = 0 [pid 7248] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7247] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7248] <... write resumed>) = 1116 [pid 7247] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7247] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7251] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... openat resumed>) = 3 [pid 7248] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(3, "", [pid 7248] <... futex resumed>) = 1 [pid 7247] <... futex resumed>) = 0 [pid 7248] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7247] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7248] <... mmap resumed>) = 0x200000000000 [pid 7247] <... futex resumed>) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7247] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7248] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7247] <... futex resumed>) = 0 [pid 7248] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7247] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7247] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7248] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7248] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7247] <... futex resumed>) = 0 [pid 7248] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7247] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7243] <... futex resumed>) = ? [pid 7244] +++ killed by SIGSEGV (core dumped) +++ [pid 7243] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=254, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5871] umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7251] <... write resumed>) = 2097152 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7251] munmap(0x7f7017800000, 138412032) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7251] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7251] ioctl(4, LOOP_SET_FD, 3) = 0 [ 479.271955][ T7251] loop4: detected capacity change from 0 to 4096 [pid 7251] close(3 [pid 5868] <... umount2 resumed>) = 0 [pid 7251] <... close resumed>) = 0 [pid 7251] close(4) = 0 [pid 7251] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7251] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x32\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./121/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./121") = 0 [pid 5868] mkdir("./122", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5871] <... umount2 resumed>) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 5871] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7249] <... futex resumed>) = ? [pid 7249] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7246] +++ killed by SIGSEGV (core dumped) +++ [pid 7245] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=253, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5871] newfstatat(4, "", [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 5869] umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] close(4 [pid 5869] openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... close resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5871] rmdir("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] newfstatat(3, "", [pid 5871] <... rmdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] getdents64(3, [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] newfstatat(AT_FDCWD, "./122/binderfs", [pid 5869] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./122/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./122") = 0 [pid 5871] mkdir("./123", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7252 attached [pid 7252] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 254 [pid 7252] <... set_robust_list resumed>) = 0 [pid 7252] chdir("./122") = 0 [pid 7251] <... mount resumed>) = 0 [pid 7251] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7251] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7251] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7252] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7251] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7252] <... prctl resumed>) = 0 [pid 7251] <... futex resumed>) = 1 [pid 7250] <... futex resumed>) = 0 [pid 7250] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7251] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7250] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7252] setpgid(0, 0) = 0 [pid 7252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] <... close resumed>) = 0 [pid 7252] write(3, "1000", 4 [pid 7247] <... futex resumed>) = ? [pid 7252] <... write resumed>) = 4 [pid 7252] close(3) = 0 [pid 7252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7251] <... openat resumed>) = 4 [pid 7251] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7252] write(1, "executing program\n", 18 [pid 7251] <... futex resumed>) = 1 [pid 7250] <... futex resumed>) = 0 [pid 7250] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7250] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7251] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000executing program [pid 7252] <... write resumed>) = 18 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 256 [pid 7252] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7251] <... openat resumed>) = 5 [pid 7252] <... futex resumed>) = 0 [pid 7252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 7253 attached ) = 0x7f701fcf4000 [pid 7253] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7253] chdir("./123" [pid 7248] +++ killed by SIGSEGV (core dumped) +++ [pid 7247] +++ killed by SIGSEGV (core dumped) +++ [pid 7252] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7253] <... chdir resumed>) = 0 [pid 7253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7253] setpgid(0, 0) = 0 [pid 7253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7252] <... mprotect resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=259, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 7253] write(3, "1000", 4) = 4 [pid 7252] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] restart_syscall(<... resuming interrupted clone ...>executing program [pid 7253] close(3 [pid 7252] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7251] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7253] <... close resumed>) = 0 [pid 7252] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7251] <... futex resumed>) = 1 [pid 7253] symlink("/dev/binderfs", "./binderfs" [pid 7250] <... futex resumed>) = 0 [pid 7253] <... symlink resumed>) = 0 [pid 7250] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7253] write(1, "executing program\n", 18 [pid 7250] <... futex resumed>) = 0 [pid 7253] <... write resumed>) = 18 [pid 7251] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7250] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7252] <... clone3 resumed> => {parent_tid=[255]}, 88) = 255 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7252] rt_sigprocmask(SIG_SETMASK, [], [pid 7253] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7251] <... write resumed>) = 1116 [pid 5870] openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7254 attached [pid 7253] <... futex resumed>) = 0 [pid 7253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7253] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7254] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7253] <... mprotect resumed>) = 0 [pid 7254] <... rseq resumed>) = 0 [pid 7253] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7252] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7251] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 7254] set_robust_list(0x7f701fd149a0, 24 [pid 7253] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7252] <... futex resumed>) = 0 [pid 7251] <... futex resumed>) = 1 [pid 7250] <... futex resumed>) = 0 [pid 5870] newfstatat(3, "", [pid 7252] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7251] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7250] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7253] <... clone3 resumed> => {parent_tid=[257]}, 88) = 257 [pid 7250] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7255 attached [pid 7254] <... set_robust_list resumed>) = 0 [pid 7253] rt_sigprocmask(SIG_SETMASK, [], [pid 7251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7253] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7253] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7254] rt_sigprocmask(SIG_SETMASK, [], [pid 7251] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5870] getdents64(3, [pid 7255] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7251] <... mmap resumed>) = 0x200000000000 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7255] <... rseq resumed>) = 0 [pid 7254] memfd_create("syzkaller", 0 [pid 7251] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7251] <... futex resumed>) = 1 [pid 7255] set_robust_list(0x7f701fd149a0, 24 [pid 7250] <... futex resumed>) = 0 [pid 7255] <... set_robust_list resumed>) = 0 [pid 7250] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7255] rt_sigprocmask(SIG_SETMASK, [], [pid 7250] <... futex resumed>) = 0 [pid 7255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7250] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7255] memfd_create("syzkaller", 0) = 3 [pid 7254] <... memfd_create resumed>) = 3 [pid 7251] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7251] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7251] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7251] <... futex resumed>) = 1 [pid 7255] <... mmap resumed>) = 0x7f7017800000 [pid 7250] <... futex resumed>) = 0 [pid 7251] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7250] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7250] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./122/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./122") = 0 [pid 5869] mkdir("./123", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7255] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7254] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... close resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7256 attached executing program , child_tidptr=0x55557616a690) = 256 [pid 7256] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7256] chdir("./123") = 0 [pid 7256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7256] setpgid(0, 0) = 0 [pid 7256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7256] write(3, "1000", 4) = 4 [pid 7256] close(3) = 0 [pid 7256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7256] write(1, "executing program\n", 18) = 18 [pid 7256] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7256] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7256] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7255] <... write resumed>) = 2097152 [pid 7254] <... write resumed>) = 2097152 [pid 5870] <... umount2 resumed>) = 0 [pid 7256] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7256] <... clone3 resumed> => {parent_tid=[257]}, 88) = 257 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7256] rt_sigprocmask(SIG_SETMASK, [], [pid 7254] munmap(0x7f7017800000, 138412032 [pid 7256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7257 attached [pid 7256] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7254] <... munmap resumed>) = 0 [pid 7256] <... futex resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7256] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7255] munmap(0x7f7017800000, 138412032 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7257] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7257] <... rseq resumed>) = 0 [pid 7257] set_robust_list(0x7f701fd149a0, 24 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", [pid 7257] <... set_robust_list resumed>) = 0 [pid 7257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7257] memfd_create("syzkaller", 0 [pid 5870] umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./122/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./122") = 0 [pid 5870] mkdir("./123", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7255] <... munmap resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7257] <... memfd_create resumed>) = 3 [pid 7254] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] <... ioctl resumed>) = 0 [pid 7257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] close(3 [pid 7257] <... mmap resumed>) = 0x7f7017800000 [pid 7254] <... openat resumed>) = 4 [pid 7255] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7254] ioctl(4, LOOP_SET_FD, 3 [pid 7255] <... openat resumed>) = 4 [pid 7254] <... ioctl resumed>) = 0 [pid 7255] ioctl(4, LOOP_SET_FD, 3 [pid 7254] close(3) = 0 [pid 7254] close(4) = 0 [pid 7254] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7254] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7258 attached [pid 7258] set_robust_list(0x55557616a6a0, 24 [pid 7255] <... ioctl resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 261 [pid 7258] <... set_robust_list resumed>) = 0 [pid 7255] close(3 [pid 7258] chdir("./123" [pid 7255] <... close resumed>) = 0 [pid 7258] <... chdir resumed>) = 0 [ 479.898495][ T7254] loop0: detected capacity change from 0 to 4096 [ 479.933180][ T7255] loop3: detected capacity change from 0 to 4096 [pid 7257] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7255] close(4 [pid 7258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7258] setpgid(0, 0) = 0 [pid 7255] <... close resumed>) = 0 [pid 7258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7255] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7255] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7258] <... openat resumed>) = 3 [pid 7258] write(3, "1000", 4) = 4 executing program [pid 7258] close(3) = 0 [pid 7258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7258] write(1, "executing program\n", 18) = 18 [pid 7258] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7258] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7258] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7259 attached => {parent_tid=[262]}, 88) = 262 [pid 7258] rt_sigprocmask(SIG_SETMASK, [], [pid 7259] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7258] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7259] <... rseq resumed>) = 0 [pid 7259] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7259] memfd_create("syzkaller", 0) = 3 [pid 7259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7254] <... mount resumed>) = 0 [pid 7254] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7257] <... write resumed>) = 2097152 [pid 7254] <... openat resumed>) = 3 [pid 7254] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7254] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7254] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7252] <... futex resumed>) = 0 [pid 7252] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7250] <... futex resumed>) = ? [pid 7251] +++ killed by SIGSEGV (core dumped) +++ [pid 7252] <... futex resumed>) = 1 [pid 7250] +++ killed by SIGSEGV (core dumped) +++ [pid 7254] <... futex resumed>) = 0 [pid 7252] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=255, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7254] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5872] newfstatat(3, "", [pid 7255] <... mount resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7255] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7254] <... openat resumed>) = 4 [pid 5872] getdents64(3, [pid 7255] <... openat resumed>) = 3 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7255] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5872] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7255] <... chdir resumed>) = 0 [pid 7255] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7257] munmap(0x7f7017800000, 138412032 [pid 7255] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7255] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7254] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7255] <... futex resumed>) = 1 [pid 7253] <... futex resumed>) = 0 [pid 7255] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7254] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7253] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7252] <... futex resumed>) = 0 [pid 7253] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7252] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7254] <... futex resumed>) = 0 [pid 7252] <... futex resumed>) = 1 [pid 7252] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7257] <... munmap resumed>) = 0 [pid 7254] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7257] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7259] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7257] ioctl(4, LOOP_SET_FD, 3 [pid 7255] <... openat resumed>) = 4 [pid 7254] <... openat resumed>) = 5 [pid 7255] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7253] <... futex resumed>) = 0 [pid 7253] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7253] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7255] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7254] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7257] <... ioctl resumed>) = 0 [pid 7252] <... futex resumed>) = 0 [pid 7254] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7252] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7257] close(3) = 0 [pid 7254] <... write resumed>) = 1116 [pid 7252] <... futex resumed>) = 0 [pid 7254] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7252] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7257] close(4 [pid 7254] <... futex resumed>) = 0 [pid 7254] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7257] <... close resumed>) = 0 [pid 7252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7257] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7252] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7257] <... mkdir resumed>) = 0 [pid 7252] <... futex resumed>) = 1 [pid 7257] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7252] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7255] <... openat resumed>) = 5 [pid 7254] <... futex resumed>) = 0 [pid 7254] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7255] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7254] <... mmap resumed>) = 0x200000000000 [pid 7255] <... futex resumed>) = 1 [pid 7254] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7253] <... futex resumed>) = 0 [pid 7255] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7254] <... futex resumed>) = 1 [pid 7253] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7252] <... futex resumed>) = 0 [pid 7255] <... write resumed>) = 1116 [pid 7254] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7253] <... futex resumed>) = 0 [ 480.133069][ T7257] loop2: detected capacity change from 0 to 4096 [pid 7255] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7253] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7255] <... futex resumed>) = 0 [pid 7253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7255] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7253] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7252] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7254] <... futex resumed>) = 0 [pid 7253] <... futex resumed>) = 0 [pid 7252] <... futex resumed>) = 1 [pid 7255] <... mmap resumed>) = 0x200000000000 [pid 7254] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7253] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7255] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7254] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7252] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7255] <... futex resumed>) = 1 [pid 7254] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7253] <... futex resumed>) = 0 [pid 7255] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7254] <... futex resumed>) = 1 [pid 7253] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7255] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7254] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7253] <... futex resumed>) = 0 [pid 7253] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7255] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7253] <... futex resumed>) = 0 [pid 7253] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7253] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7255] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7252] <... futex resumed>) = 0 [pid 7252] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7252] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7254] <... futex resumed>) = 0 [pid 7254] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7259] <... write resumed>) = 2097152 [pid 7259] munmap(0x7f7017800000, 138412032) = 0 [pid 7259] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7259] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... umount2 resumed>) = 0 [pid 7259] <... ioctl resumed>) = 0 [pid 7259] close(3) = 0 [pid 7259] close(4) = 0 [pid 7259] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7259] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 480.291232][ T7259] loop1: detected capacity change from 0 to 4096 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7257] <... mount resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7257] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7257] <... openat resumed>) = 3 [pid 5872] unlink("./122/binderfs" [pid 7257] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5872] <... unlink resumed>) = 0 [pid 5872] getdents64(3, [pid 7257] <... chdir resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 7257] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... close resumed>) = 0 [pid 7257] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7257] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] rmdir("./122" [pid 7257] <... futex resumed>) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... rmdir resumed>) = 0 [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7257] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5872] mkdir("./123", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7257] <... openat resumed>) = 4 [pid 7257] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7257] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7257] <... openat resumed>) = 5 [pid 7257] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7257] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7256] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7257] <... write resumed>) = 1116 [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7257] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7257] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7257] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7257] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7257] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7256] <... futex resumed>) = 0 [pid 7256] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7256] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7257] <... futex resumed>) = 1 [pid 7257] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7260 attached [pid 7260] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 257 [pid 7260] <... set_robust_list resumed>) = 0 [pid 7260] chdir("./123") = 0 [pid 7260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7260] setpgid(0, 0) = 0 [pid 7260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7259] <... mount resumed>) = 0 [pid 7260] <... openat resumed>) = 3 [pid 7259] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7260] write(3, "1000", 4 [pid 7259] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7259] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7260] <... write resumed>) = 4 [pid 7259] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7260] close(3 [pid 7259] <... futex resumed>) = 1 [pid 7258] <... futex resumed>) = 0 [pid 7258] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7260] <... close resumed>) = 0 [pid 7258] <... futex resumed>) = 0 [pid 7260] symlink("/dev/binderfs", "./binderfs" [pid 7259] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7258] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7260] <... symlink resumed>) = 0 executing program [pid 7260] write(1, "executing program\n", 18) = 18 [pid 7260] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7260] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7259] <... openat resumed>) = 4 [pid 7260] <... mprotect resumed>) = 0 [pid 7260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7259] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7258] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7258] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7261 attached [pid 7259] <... futex resumed>) = 0 [pid 7258] <... futex resumed>) = 0 [pid 7261] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7259] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7258] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7261] <... rseq resumed>) = 0 [pid 7261] set_robust_list(0x7f701fd149a0, 24 [pid 7260] <... clone3 resumed> => {parent_tid=[258]}, 88) = 258 [pid 7259] <... openat resumed>) = 5 [pid 7261] <... set_robust_list resumed>) = 0 [pid 7260] rt_sigprocmask(SIG_SETMASK, [], [pid 7261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7260] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7253] <... futex resumed>) = ? [pid 7261] memfd_create("syzkaller", 0 [pid 7260] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7259] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7258] <... futex resumed>) = 0 [pid 7259] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7258] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7259] <... write resumed>) = 1116 [pid 7259] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7261] <... memfd_create resumed>) = 3 [pid 7261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7259] <... futex resumed>) = 1 [pid 7258] <... futex resumed>) = 0 [pid 7255] +++ killed by SIGSEGV (core dumped) +++ [pid 7253] +++ killed by SIGSEGV (core dumped) +++ [pid 7258] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=256, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 7261] <... mmap resumed>) = 0x7f7017800000 [pid 7259] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7258] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7259] <... mmap resumed>) = 0x200000000000 [pid 5871] openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", [pid 7259] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7259] <... futex resumed>) = 1 [pid 7258] <... futex resumed>) = 0 [pid 7252] <... futex resumed>) = ? [pid 7259] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7258] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7258] <... futex resumed>) = 0 [pid 7258] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7259] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7254] +++ killed by SIGSEGV (core dumped) +++ [pid 7252] +++ killed by SIGSEGV (core dumped) +++ [pid 7258] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7259] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=254, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 7258] <... futex resumed>) = 0 [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7261] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... umount2 resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7261] <... write resumed>) = 2097152 [pid 5871] unlink("./123/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./123") = 0 [pid 5871] mkdir("./124", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7261] munmap(0x7f7017800000, 138412032) = 0 [pid 7256] <... futex resumed>) = ? [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7261] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] umount2("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7261] <... openat resumed>) = 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7261] ioctl(4, LOOP_SET_FD, 3 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7257] +++ killed by SIGSEGV (core dumped) +++ [pid 7256] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=256, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] close(4 [pid 5871] <... close resumed>) = 0 [pid 7261] <... ioctl resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] rmdir("\x2e\x2f\x31\x32\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... openat resumed>) = 3 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] newfstatat(3, "", [pid 5868] umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 258 [pid 5869] getdents64(3, [pid 5868] newfstatat(AT_FDCWD, "./122/binderfs", [pid 7261] close(3 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7262 attached [pid 7261] <... close resumed>) = 0 [pid 5868] unlink("./122/binderfs" [pid 7261] close(4 [pid 5868] <... unlink resumed>) = 0 [pid 7262] set_robust_list(0x55557616a6a0, 24 [pid 5868] getdents64(3, [pid 7262] <... set_robust_list resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7262] chdir("./124" [pid 7261] <... close resumed>) = 0 [pid 5868] close(3 [pid 7261] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5868] <... close resumed>) = 0 [pid 7261] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] rmdir("./122" [pid 7262] <... chdir resumed>) = 0 [pid 7262] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... rmdir resumed>) = 0 [pid 7262] <... prctl resumed>) = 0 [pid 5868] mkdir("./123", 0777 [ 480.992335][ T7261] loop4: detected capacity change from 0 to 4096 [pid 7262] setpgid(0, 0) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7262] <... openat resumed>) = 3 [pid 7262] write(3, "1000", 4 [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 7262] <... write resumed>) = 4 [pid 7262] close(3) = 0 [pid 7262] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7262] write(1, "executing program\n", 18) = 18 [pid 7262] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5868] <... close resumed>) = 0 [pid 7262] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7262] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 7263 attached [pid 7262] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7263] set_robust_list(0x55557616a6a0, 24 [pid 7262] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 256 [pid 7263] <... set_robust_list resumed>) = 0 [pid 7262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7264 attached => {parent_tid=[259]}, 88) = 259 [pid 7264] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7263] chdir("./123" [pid 7262] rt_sigprocmask(SIG_SETMASK, [], [pid 7264] <... rseq resumed>) = 0 [pid 7262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7264] set_robust_list(0x7f701fd149a0, 24 [pid 7262] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] <... set_robust_list resumed>) = 0 [pid 7262] <... futex resumed>) = 0 [pid 7264] rt_sigprocmask(SIG_SETMASK, [], [pid 7261] <... mount resumed>) = 0 [pid 7264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7262] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7261] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7264] memfd_create("syzkaller", 0 [pid 7263] <... chdir resumed>) = 0 [pid 7261] <... openat resumed>) = 3 [pid 7261] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7263] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7261] <... chdir resumed>) = 0 [pid 7261] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7263] <... prctl resumed>) = 0 [pid 7261] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7261] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7260] <... futex resumed>) = 0 [pid 7263] setpgid(0, 0 [pid 7261] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7259] +++ killed by SIGSEGV (core dumped) +++ [pid 7258] +++ killed by SIGSEGV (core dumped) +++ [pid 7264] <... memfd_create resumed>) = 3 [pid 7263] <... setpgid resumed>) = 0 [pid 7260] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=261, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 7261] <... futex resumed>) = 0 [pid 7260] <... futex resumed>) = 1 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7261] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7260] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7263] <... openat resumed>) = 3 [pid 7261] <... openat resumed>) = 4 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7263] write(3, "1000", 4 [pid 7261] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7263] <... write resumed>) = 4 [pid 7263] close(3 [pid 7261] <... futex resumed>) = 1 [pid 7260] <... futex resumed>) = 0 [pid 5870] umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7263] <... close resumed>) = 0 [pid 7261] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7260] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7263] symlink("/dev/binderfs", "./binderfs" [pid 7261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7260] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7261] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7260] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7263] <... symlink resumed>) = 0 [pid 5870] openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 7263] write(1, "executing program\n", 18 [pid 7261] <... openat resumed>) = 5 [pid 5870] <... openat resumed>) = 3 [pid 5869] <... umount2 resumed>) = 0 [pid 7263] <... write resumed>) = 18 [pid 7261] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(3, "", [pid 7263] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7261] <... futex resumed>) = 1 [pid 7260] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7263] <... futex resumed>) = 0 [pid 7263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7260] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7263] <... mmap resumed>) = 0x7f701fcf4000 [pid 7260] <... futex resumed>) = 0 [pid 7260] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7263] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7261] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7263] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7261] <... write resumed>) = 1116 [pid 7261] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7263] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7261] <... futex resumed>) = 1 [pid 7260] <... futex resumed>) = 0 [pid 7260] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7261] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7260] <... futex resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7260] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7265 attached [pid 7263] <... clone3 resumed> => {parent_tid=[257]}, 88) = 257 [pid 7261] <... mmap resumed>) = 0x200000000000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7265] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7263] rt_sigprocmask(SIG_SETMASK, [], [pid 7261] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7265] <... rseq resumed>) = 0 [pid 7263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7261] <... futex resumed>) = 1 [pid 7260] <... futex resumed>) = 0 [pid 7265] set_robust_list(0x7f701fd149a0, 24 [pid 7263] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7261] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7260] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7265] <... set_robust_list resumed>) = 0 [pid 7263] <... futex resumed>) = 0 [pid 7261] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7260] <... futex resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7265] rt_sigprocmask(SIG_SETMASK, [], [pid 7264] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7263] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7261] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7260] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7261] <... futex resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7265] memfd_create("syzkaller", 0 [pid 7261] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7260] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7260] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 4 [pid 7261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7265] <... memfd_create resumed>) = 3 [pid 7261] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5869] newfstatat(4, "", [pid 7265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7265] <... mmap resumed>) = 0x7f7017800000 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./123/binderfs") = 0 [pid 5869] getdents64(3, [pid 5870] <... umount2 resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./123") = 0 [pid 5869] mkdir("./124", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7265] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7264] <... write resumed>) = 2097152 [pid 5870] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7264] munmap(0x7f7017800000, 138412032 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7264] <... munmap resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7264] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7264] <... openat resumed>) = 4 [pid 7264] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] <... close resumed>) = 0 [pid 7264] <... ioctl resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7264] close(3 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7264] <... close resumed>) = 0 [pid 5870] getdents64(4, [pid 7264] close(4 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7264] <... close resumed>) = 0 [pid 5870] getdents64(4, [pid 7264] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7264] <... mkdir resumed>) = 0 [pid 5870] close(4./strace-static-x86_64: Process 7266 attached [pid 7265] <... write resumed>) = 2097152 [pid 7264] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 258 [pid 7266] set_robust_list(0x55557616a6a0, 24 [pid 5870] <... rmdir resumed>) = 0 [pid 7266] <... set_robust_list resumed>) = 0 [ 481.378509][ T7264] loop3: detected capacity change from 0 to 4096 [pid 7266] chdir("./124" [pid 5870] umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7266] <... chdir resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7266] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] newfstatat(AT_FDCWD, "./123/binderfs", [pid 7266] <... prctl resumed>) = 0 [pid 7266] setpgid(0, 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7266] <... setpgid resumed>) = 0 [pid 5870] unlink("./123/binderfs") = 0 [pid 7266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7265] munmap(0x7f7017800000, 138412032 [pid 5870] getdents64(3, [pid 7266] <... openat resumed>) = 3 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7266] write(3, "1000", 4 [pid 5870] close(3) = 0 [pid 7266] <... write resumed>) = 4 [pid 5870] rmdir("./123" [pid 7266] close(3 [pid 5870] <... rmdir resumed>) = 0 [pid 7266] <... close resumed>) = 0 [pid 5870] mkdir("./124", 0777executing program [pid 7266] symlink("/dev/binderfs", "./binderfs" [pid 7265] <... munmap resumed>) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 7266] <... symlink resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7266] write(1, "executing program\n", 18 [pid 5870] <... openat resumed>) = 3 [pid 7266] <... write resumed>) = 18 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7266] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... ioctl resumed>) = 0 [pid 7266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7265] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] close(3 [pid 7266] <... mmap resumed>) = 0x7f701fcf4000 [pid 7266] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7265] <... openat resumed>) = 4 [pid 7266] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7265] ioctl(4, LOOP_SET_FD, 3 [pid 7266] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7267 attached => {parent_tid=[259]}, 88) = 259 [pid 7267] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7266] rt_sigprocmask(SIG_SETMASK, [], [pid 7267] <... rseq resumed>) = 0 [pid 7266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7266] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7267] set_robust_list(0x7f701fd149a0, 24 [pid 7266] <... futex resumed>) = 0 [pid 7267] <... set_robust_list resumed>) = 0 [pid 7266] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7267] memfd_create("syzkaller", 0 [pid 7265] <... ioctl resumed>) = 0 [pid 7267] <... memfd_create resumed>) = 3 [pid 7265] close(3 [pid 5870] <... close resumed>) = 0 [pid 7267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7265] <... close resumed>) = 0 [pid 7267] <... mmap resumed>) = 0x7f7017800000 [pid 7265] close(4) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7265] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777./strace-static-x86_64: Process 7268 attached ) = 0 [pid 7265] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 263 [pid 7268] set_robust_list(0x55557616a6a0, 24) = 0 [ 481.470976][ T7265] loop0: detected capacity change from 0 to 4096 [pid 7268] chdir("./124") = 0 [pid 7268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7268] setpgid(0, 0) = 0 [pid 7268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7268] write(3, "1000", 4) = 4 [pid 7268] close(3) = 0 [pid 7264] <... mount resumed>) = 0 [pid 7264] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7264] <... openat resumed>) = 3 [pid 7264] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7268] write(1, "executing program\n", 18executing program ) = 18 [pid 7264] <... chdir resumed>) = 0 [pid 7268] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7268] <... futex resumed>) = 0 [pid 7268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7264] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7268] <... mmap resumed>) = 0x7f701fcf4000 [pid 7264] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7268] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7264] <... futex resumed>) = 1 [pid 7262] <... futex resumed>) = 0 [pid 7264] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7262] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7268] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7262] <... futex resumed>) = 0 [pid 7262] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7268] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7269 attached [pid 7269] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7268] <... clone3 resumed> => {parent_tid=[264]}, 88) = 264 [pid 7269] <... rseq resumed>) = 0 [pid 7268] rt_sigprocmask(SIG_SETMASK, [], [pid 7269] set_robust_list(0x7f701fd149a0, 24 [pid 7268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7267] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7269] <... set_robust_list resumed>) = 0 [pid 7268] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] rt_sigprocmask(SIG_SETMASK, [], [pid 7268] <... futex resumed>) = 0 [pid 7264] <... openat resumed>) = 4 [pid 7269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7268] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7269] memfd_create("syzkaller", 0 [pid 7264] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7262] <... futex resumed>) = 0 [pid 7269] <... memfd_create resumed>) = 3 [pid 7264] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7262] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7262] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7264] <... openat resumed>) = 5 [pid 7264] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7260] <... futex resumed>) = ? [pid 7264] <... futex resumed>) = 1 [pid 7262] <... futex resumed>) = 0 [pid 7262] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7264] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7262] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7264] <... write resumed>) = 1116 [pid 7264] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7262] <... futex resumed>) = 0 [pid 7262] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7264] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7262] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7264] <... mmap resumed>) = 0x200000000000 [pid 7264] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7262] <... futex resumed>) = 0 [pid 7264] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7262] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7261] +++ killed by SIGSEGV (core dumped) +++ [pid 7262] <... futex resumed>) = 0 [pid 7260] +++ killed by SIGSEGV (core dumped) +++ [pid 7264] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=257, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 7262] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7264] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 7264] <... futex resumed>) = 0 [pid 7262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7264] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7262] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7262] <... futex resumed>) = 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 7264] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7262] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7265] <... mount resumed>) = 0 [pid 7269] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7267] <... write resumed>) = 2097152 [pid 7265] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7267] munmap(0x7f7017800000, 138412032) = 0 [pid 7265] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7267] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7265] <... chdir resumed>) = 0 [pid 7267] <... openat resumed>) = 4 [pid 7265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7267] ioctl(4, LOOP_SET_FD, 3 [pid 7265] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7263] <... futex resumed>) = 0 [pid 7265] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7263] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7263] <... futex resumed>) = 0 [pid 7265] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7263] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7267] <... ioctl resumed>) = 0 [pid 7267] close(3 [pid 7265] <... openat resumed>) = 4 [pid 7267] <... close resumed>) = 0 [pid 7267] close(4) = 0 [pid 7265] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7267] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7263] <... futex resumed>) = 0 [pid 7263] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7267] <... mkdir resumed>) = 0 [pid 7265] <... futex resumed>) = 1 [pid 7263] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7267] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7265] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7265] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] <... write resumed>) = 2097152 [pid 7265] <... futex resumed>) = 1 [pid 7263] <... futex resumed>) = 0 [pid 7269] munmap(0x7f7017800000, 138412032 [pid 7265] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7263] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 481.744095][ T7267] loop2: detected capacity change from 0 to 4096 [pid 7263] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7265] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 5872] <... umount2 resumed>) = 0 [pid 7265] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] <... munmap resumed>) = 0 [pid 7265] <... futex resumed>) = 1 [pid 7263] <... futex resumed>) = 0 [pid 7269] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7265] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7263] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7263] <... futex resumed>) = 0 [pid 7263] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7269] <... openat resumed>) = 4 [pid 7265] <... mmap resumed>) = 0x200000000000 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7269] ioctl(4, LOOP_SET_FD, 3 [pid 7265] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7263] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7265] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7263] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7265] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7263] <... futex resumed>) = 0 [pid 7265] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7263] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7265] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] <... ioctl resumed>) = 0 [pid 7265] <... futex resumed>) = 0 [pid 7263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... openat resumed>) = 4 [pid 7263] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7265] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7269] close(3 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7269] <... close resumed>) = 0 [pid 5872] getdents64(4, [pid 7269] close(4 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7269] <... close resumed>) = 0 [pid 5872] close(4 [pid 7269] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] <... close resumed>) = 0 [pid 7269] <... mkdir resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7269] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... rmdir resumed>) = 0 [pid 5872] umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./123/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [ 481.845435][ T7269] loop1: detected capacity change from 0 to 4096 [pid 5872] close(3) = 0 [pid 5872] rmdir("./123") = 0 [pid 5872] mkdir("./124", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7267] <... mount resumed>) = 0 [pid 7267] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7267] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7267] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7267] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7266] <... futex resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7267] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7266] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7266] <... futex resumed>) = 0 [pid 7267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7267] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000./strace-static-x86_64: Process 7270 attached [pid 7266] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7270] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7270] chdir("./124" [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 259 [pid 7270] <... chdir resumed>) = 0 [pid 7270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7270] setpgid(0, 0) = 0 [pid 7270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7267] <... openat resumed>) = 4 [pid 7267] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7266] <... futex resumed>) = 0 [pid 7270] <... openat resumed>) = 3 [pid 7266] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7270] write(3, "1000", 4 [pid 7266] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7270] <... write resumed>) = 4 [pid 7267] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7270] close(3) = 0 [pid 7267] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7267] <... futex resumed>) = 1 [pid 7266] <... futex resumed>) = 0 [pid 7270] write(1, "executing program\n", 18 [pid 7266] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7262] <... futex resumed>) = ? [pid 7266] <... futex resumed>) = 0 [pid 7270] <... write resumed>) = 18 [pid 7270] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7267] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7266] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7267] <... write resumed>) = 1116 [pid 7267] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7267] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7266] <... futex resumed>) = 0 [pid 7270] <... futex resumed>) = 0 [pid 7266] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7267] <... futex resumed>) = 0 [pid 7266] <... futex resumed>) = 1 [pid 7267] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7270] <... mmap resumed>) = 0x7f701fcf4000 [pid 7267] <... mmap resumed>) = 0x200000000000 [pid 7266] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7270] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7267] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7266] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] <... mprotect resumed>) = 0 [pid 7267] <... futex resumed>) = 0 [pid 7267] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7270] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7267] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7266] <... futex resumed>) = 0 [pid 7270] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7267] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7267] <... futex resumed>) = 0 [pid 7266] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7264] +++ killed by SIGSEGV (core dumped) +++ [pid 7262] +++ killed by SIGSEGV (core dumped) +++ [pid 7267] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7270] <... clone3 resumed> => {parent_tid=[260]}, 88) = 260 [pid 7270] rt_sigprocmask(SIG_SETMASK, [], [pid 7267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7266] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=258, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 7270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7266] <... futex resumed>) = 0 [pid 7270] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7266] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7270] <... futex resumed>) = 0 [pid 7270] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7267] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- ./strace-static-x86_64: Process 7271 attached [pid 5871] umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7271] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7271] <... rseq resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7271] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7271] memfd_create("syzkaller", 0 [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7269] <... mount resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7269] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7269] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7271] <... memfd_create resumed>) = 3 [pid 7269] <... chdir resumed>) = 0 [pid 7269] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7269] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7269] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7269] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7268] <... futex resumed>) = 0 [pid 7268] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] <... futex resumed>) = 0 [pid 7268] <... futex resumed>) = 1 [pid 7269] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7268] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7269] <... openat resumed>) = 4 [pid 7269] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7268] <... futex resumed>) = 0 [pid 7269] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7268] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7268] <... futex resumed>) = 0 [pid 7269] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7268] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7271] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7269] <... openat resumed>) = 5 [pid 7269] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7269] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7268] <... futex resumed>) = 0 [pid 7269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7268] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7268] <... futex resumed>) = 0 [pid 7269] <... write resumed>) = 1116 [pid 7268] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7269] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7269] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7268] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7268] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7269] <... mmap resumed>) = 0x200000000000 [pid 7269] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7268] <... futex resumed>) = 0 [pid 7269] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7268] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7269] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7268] <... futex resumed>) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 7268] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7269] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7269] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7268] <... futex resumed>) = 0 [pid 7268] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7269] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7268] <... futex resumed>) = 0 [pid 7268] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7263] <... futex resumed>) = ? [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./124/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./124") = 0 [pid 5871] mkdir("./125", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7265] +++ killed by SIGSEGV (core dumped) +++ [pid 7263] +++ killed by SIGSEGV (core dumped) +++ [pid 7271] <... write resumed>) = 2097152 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=256, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 7271] munmap(0x7f7017800000, 138412032 [pid 5868] umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7271] <... munmap resumed>) = 0 [pid 7271] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7271] close(3) = 0 [pid 7271] close(4) = 0 [pid 7271] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7271] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7272 attached , child_tidptr=0x55557616a690) = 260 [pid 7272] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7272] chdir("./125") = 0 [pid 7272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7272] setpgid(0, 0) = 0 [pid 7272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7272] write(3, "1000", 4) = 4 [pid 7272] close(3) = 0 [ 482.420027][ T7271] loop4: detected capacity change from 0 to 4096 [pid 7272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7272] write(1, "executing program\n", 18executing program ) = 18 [pid 7272] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7272] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[261]}, 88) = 261 [pid 7272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7272] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7273 attached ) = 0 [pid 7272] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7273] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7273] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7273] memfd_create("syzkaller", 0) = 3 [pid 7266] <... futex resumed>) = ? [pid 7273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7267] +++ killed by SIGSEGV (core dumped) +++ [pid 7266] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=258, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = 0 [pid 7273] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7271] <... mount resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7271] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7271] <... openat resumed>) = 3 [pid 5868] umount2("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7271] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7271] <... chdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7271] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] <... openat resumed>) = 4 [pid 7271] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(4, "", [pid 7271] <... futex resumed>) = 1 [pid 7270] <... futex resumed>) = 0 [pid 7271] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7270] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7270] <... futex resumed>) = 0 [pid 7270] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x32\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7271] <... openat resumed>) = 4 [pid 7271] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7270] <... futex resumed>) = 0 [pid 7271] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7270] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7270] <... futex resumed>) = 0 [pid 7271] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7270] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7271] <... openat resumed>) = 5 [pid 5868] umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7273] <... write resumed>) = 2097152 [pid 7271] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7273] munmap(0x7f7017800000, 138412032 [pid 7271] <... futex resumed>) = 1 [pid 7270] <... futex resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./123/binderfs", [pid 7271] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7270] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7270] <... futex resumed>) = 0 [pid 5868] unlink("./123/binderfs" [pid 7271] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7270] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... unlink resumed>) = 0 [pid 7271] <... write resumed>) = 1116 [pid 5868] getdents64(3, [pid 7271] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7273] <... munmap resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7271] <... futex resumed>) = 1 [pid 7270] <... futex resumed>) = 0 [pid 7271] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7270] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(3 [pid 7270] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7270] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7271] <... mmap resumed>) = 0x200000000000 [pid 7271] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] rmdir("./123" [pid 7271] <... futex resumed>) = 1 [pid 7270] <... futex resumed>) = 0 [pid 7268] <... futex resumed>) = ? [pid 5868] <... rmdir resumed>) = 0 [pid 7271] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7270] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7270] <... futex resumed>) = 0 [pid 5868] mkdir("./124", 0777 [pid 7271] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7270] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7273] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7273] ioctl(4, LOOP_SET_FD, 3 [pid 7271] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5868] <... mkdir resumed>) = 0 [pid 7269] +++ killed by SIGSEGV (core dumped) +++ [pid 7268] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=263, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5870] umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7271] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... ioctl resumed>) = 0 [pid 7271] <... futex resumed>) = 1 [pid 7270] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 5868] close(3 [pid 7270] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(3, "", [pid 7270] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7271] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7270] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7273] <... ioctl resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 7273] close(3 [pid 5869] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7273] <... close resumed>) = 0 [pid 7273] close(4) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7273] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7273] <... mkdir resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7273] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 482.689073][ T7273] loop3: detected capacity change from 0 to 4096 [pid 5869] newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./124/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./124") = 0 [pid 5869] mkdir("./125", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5868] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7274 attached [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7275 attached [pid 7274] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 258 [pid 7275] set_robust_list(0x55557616a6a0, 24 [pid 7274] <... set_robust_list resumed>) = 0 [pid 7273] <... mount resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 260 [pid 7274] chdir("./124" [pid 7275] <... set_robust_list resumed>) = 0 [pid 7274] <... chdir resumed>) = 0 [pid 7273] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7274] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7275] chdir("./125" [pid 7274] <... prctl resumed>) = 0 [pid 7273] <... openat resumed>) = 3 [pid 7274] setpgid(0, 0 [pid 7273] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7274] <... setpgid resumed>) = 0 [pid 7273] <... chdir resumed>) = 0 [pid 7275] <... chdir resumed>) = 0 [pid 7274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7273] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7274] <... openat resumed>) = 3 [pid 7273] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7275] setpgid(0, 0 [pid 7274] write(3, "1000", 4 [pid 7273] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7275] <... setpgid resumed>) = 0 [pid 7274] <... write resumed>) = 4 [pid 7275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7273] <... futex resumed>) = 1 [pid 7274] close(3 [pid 7275] <... openat resumed>) = 3 [pid 7274] <... close resumed>) = 0 [pid 7273] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7272] <... futex resumed>) = 0 [pid 7272] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7272] <... futex resumed>) = 0 [pid 7272] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7273] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] <... umount2 resumed>) = 0 [pid 7275] write(3, "1000", 4 [pid 7274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = -1 EINVAL (Invalid argument) [pid 7275] <... write resumed>) = 4 [pid 7274] write(1, "executing program\n", 18 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7275] close(3 [pid 7274] <... write resumed>) = 18 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7275] <... close resumed>) = 0 [pid 7274] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7273] <... openat resumed>) = 4 [pid 7275] symlink("/dev/binderfs", "./binderfs" [pid 7274] <... futex resumed>) = 0 [pid 7275] <... symlink resumed>) = 0 [pid 7274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7273] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7275] write(1, "executing program\n", 18 [pid 7274] <... mmap resumed>) = 0x7f701fcf4000 [pid 7272] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5870] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7275] <... write resumed>) = 18 [pid 7274] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7273] <... futex resumed>) = 0 [pid 7275] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7274] <... mprotect resumed>) = 0 [pid 7273] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7272] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7272] <... futex resumed>) = 0 [pid 7274] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7272] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7275] <... mmap resumed>) = 0x7f701fcf4000 [pid 7274] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5870] <... openat resumed>) = 4 [pid 7275] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7273] <... openat resumed>) = 5 ./strace-static-x86_64: Process 7276 attached [pid 7275] <... mprotect resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 7276] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7275] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7274] <... clone3 resumed> => {parent_tid=[259]}, 88) = 259 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7275] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7274] rt_sigprocmask(SIG_SETMASK, [], [pid 7276] <... rseq resumed>) = 0 [pid 7276] set_robust_list(0x7f701fd149a0, 24 [pid 7275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7276] <... set_robust_list resumed>) = 0 [pid 7274] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7277 attached [pid 7276] rt_sigprocmask(SIG_SETMASK, [], [pid 7274] <... futex resumed>) = 0 [pid 7273] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(4, [pid 7276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7277] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7274] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7273] <... futex resumed>) = 1 [pid 7272] <... futex resumed>) = 0 [pid 7273] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7272] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7277] <... rseq resumed>) = 0 [pid 7276] memfd_create("syzkaller", 0 [pid 7275] <... clone3 resumed> => {parent_tid=[261]}, 88) = 261 [pid 7273] <... write resumed>) = 1116 [pid 7272] <... futex resumed>) = 0 [pid 5870] getdents64(4, [pid 7273] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7272] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7273] <... futex resumed>) = 0 [pid 7272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] close(4 [pid 7273] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7272] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7277] set_robust_list(0x7f701fd149a0, 24 [pid 7275] rt_sigprocmask(SIG_SETMASK, [], [pid 7273] <... mmap resumed>) = 0x200000000000 [pid 7272] <... futex resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7277] <... set_robust_list resumed>) = 0 [pid 7276] <... memfd_create resumed>) = 3 [pid 7275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7273] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7272] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... rmdir resumed>) = 0 [pid 7277] rt_sigprocmask(SIG_SETMASK, [], [pid 7276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7275] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7273] <... futex resumed>) = 0 [pid 7272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7276] <... mmap resumed>) = 0x7f7017800000 [pid 7275] <... futex resumed>) = 0 [pid 7273] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7272] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7275] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7272] <... futex resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "./124/binderfs", [pid 7277] memfd_create("syzkaller", 0 [pid 7273] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7272] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./124/binderfs") = 0 [pid 5870] getdents64(3, [pid 7273] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7273] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(3 [pid 7273] <... futex resumed>) = 1 [pid 7272] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7272] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7272] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] rmdir("./124") = 0 [pid 5870] mkdir("./125", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7273] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7277] <... memfd_create resumed>) = 3 [pid 7277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 265 ./strace-static-x86_64: Process 7278 attached [pid 7278] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7278] chdir("./125") = 0 [pid 7278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7278] setpgid(0, 0) = 0 [pid 7278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7276] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7278] write(3, "1000", 4) = 4 executing program [pid 7278] close(3) = 0 [pid 7278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7278] write(1, "executing program\n", 18) = 18 [pid 7278] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7278] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7279 attached => {parent_tid=[266]}, 88) = 266 [pid 7277] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7279] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7278] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7279] <... rseq resumed>) = 0 [pid 7278] <... futex resumed>) = 0 [pid 7279] set_robust_list(0x7f701fd149a0, 24 [pid 7278] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7279] <... set_robust_list resumed>) = 0 [pid 7279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7279] memfd_create("syzkaller", 0) = 3 [pid 7270] <... futex resumed>) = ? [pid 7279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7271] +++ killed by SIGSEGV (core dumped) +++ [pid 7270] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=259, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5872] umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7277] <... write resumed>) = 2097152 [pid 7276] <... write resumed>) = 2097152 [pid 7277] munmap(0x7f7017800000, 138412032 [pid 7276] munmap(0x7f7017800000, 138412032 [pid 7277] <... munmap resumed>) = 0 [pid 7276] <... munmap resumed>) = 0 [pid 7276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7279] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7277] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7276] ioctl(4, LOOP_SET_FD, 3 [pid 7277] <... openat resumed>) = 4 [pid 7276] <... ioctl resumed>) = 0 [pid 7277] ioctl(4, LOOP_SET_FD, 3 [pid 7276] close(3) = 0 [pid 7276] close(4) = 0 [pid 7276] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7276] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7277] <... ioctl resumed>) = 0 [pid 7277] close(3) = 0 [ 483.241933][ T7276] loop0: detected capacity change from 0 to 4096 [ 483.258963][ T7277] loop2: detected capacity change from 0 to 4096 [pid 7277] close(4 [pid 7279] <... write resumed>) = 2097152 [pid 7277] <... close resumed>) = 0 [pid 7277] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] <... umount2 resumed>) = 0 [pid 7279] munmap(0x7f7017800000, 138412032 [pid 7277] <... mkdir resumed>) = 0 [pid 7277] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./124/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./124") = 0 [pid 5872] mkdir("./125", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7279] <... munmap resumed>) = 0 [pid 7279] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] <... close resumed>) = 0 [pid 7279] <... openat resumed>) = 4 [pid 7279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7279] close(3) = 0 [pid 7279] close(4) = 0 [pid 7279] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7279] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 483.387994][ T7279] loop1: detected capacity change from 0 to 4096 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7276] <... mount resumed>) = 0 [pid 7276] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7272] <... futex resumed>) = ? [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 261 ./strace-static-x86_64: Process 7280 attached [pid 7276] <... openat resumed>) = 3 [pid 7276] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7280] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7276] <... chdir resumed>) = 0 [pid 7280] chdir("./125") = 0 [pid 7280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7280] setpgid(0, 0) = 0 [pid 7280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7276] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7274] <... futex resumed>) = 0 [pid 7280] <... openat resumed>) = 3 [pid 7276] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7274] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7274] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7273] +++ killed by SIGSEGV (core dumped) +++ [pid 7272] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=260, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7280] write(3, "1000", 4 [pid 5871] <... restart_syscall resumed>) = 0 [pid 7280] <... write resumed>) = 4 executing program [pid 7280] close(3) = 0 [pid 5871] umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7280] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7280] <... symlink resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7280] write(1, "executing program\n", 18 [pid 5871] <... openat resumed>) = 3 [pid 7280] <... write resumed>) = 18 [pid 5871] newfstatat(3, "", [pid 7280] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7280] <... futex resumed>) = 0 [pid 5871] getdents64(3, [pid 7280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7276] <... openat resumed>) = 4 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7280] <... mmap resumed>) = 0x7f701fcf4000 [pid 7276] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7280] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7276] <... futex resumed>) = 1 [pid 7274] <... futex resumed>) = 0 [pid 7280] <... mprotect resumed>) = 0 [pid 7276] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7274] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7276] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7274] <... futex resumed>) = 0 [pid 7274] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7280] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7277] <... mount resumed>) = 0 [pid 7276] <... openat resumed>) = 5 [pid 7280] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7276] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7276] <... futex resumed>) = 1 ./strace-static-x86_64: Process 7281 attached [pid 7276] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7274] <... futex resumed>) = 0 [pid 7280] <... clone3 resumed> => {parent_tid=[262]}, 88) = 262 [pid 7274] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7281] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7280] rt_sigprocmask(SIG_SETMASK, [], [pid 7277] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7276] <... futex resumed>) = 0 [pid 7274] <... futex resumed>) = 1 [pid 7281] <... rseq resumed>) = 0 [pid 7280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7277] <... openat resumed>) = 3 [pid 7276] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7274] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7281] set_robust_list(0x7f701fd149a0, 24 [pid 7280] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7277] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7276] <... write resumed>) = 1116 [pid 7280] <... futex resumed>) = 0 [pid 7276] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7281] <... set_robust_list resumed>) = 0 [pid 7280] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7276] <... futex resumed>) = 1 [pid 7274] <... futex resumed>) = 0 [pid 7276] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7281] rt_sigprocmask(SIG_SETMASK, [], [pid 7277] <... chdir resumed>) = 0 [pid 7281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7277] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7281] memfd_create("syzkaller", 0 [pid 7277] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7277] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7274] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7275] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7274] <... futex resumed>) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7274] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7275] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7277] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7276] <... futex resumed>) = 0 [pid 7276] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7281] <... memfd_create resumed>) = 3 [pid 7281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7276] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7281] <... mmap resumed>) = 0x7f7017800000 [pid 7276] <... futex resumed>) = 1 [pid 7274] <... futex resumed>) = 0 [pid 7277] <... openat resumed>) = 4 [pid 7276] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7274] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7276] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7274] <... futex resumed>) = 0 [pid 7276] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7274] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7276] <... futex resumed>) = 0 [pid 7276] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7274] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7276] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7274] <... futex resumed>) = ? [pid 7277] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7277] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7275] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7275] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7277] <... openat resumed>) = 5 [pid 7277] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7275] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7277] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7275] <... futex resumed>) = 0 [pid 7277] <... write resumed>) = 1116 [pid 7275] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7277] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7275] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7277] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7275] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7277] <... mmap resumed>) = 0x200000000000 [pid 7277] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7275] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7275] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7277] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7279] <... mount resumed>) = 0 [pid 7277] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7279] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7277] <... futex resumed>) = 1 [pid 7275] <... futex resumed>) = 0 [pid 7279] <... openat resumed>) = 3 [pid 7277] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7275] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7279] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7279] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7279] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7279] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7278] <... futex resumed>) = 0 [pid 7278] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7279] <... futex resumed>) = 0 [pid 7278] <... futex resumed>) = 1 [pid 7279] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7278] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7281] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7279] <... openat resumed>) = 4 [pid 5871] <... umount2 resumed>) = 0 [pid 7279] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7279] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7278] <... futex resumed>) = 0 [pid 7278] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7279] <... futex resumed>) = 0 [pid 7278] <... futex resumed>) = 1 [pid 7279] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7278] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7279] <... openat resumed>) = 5 [pid 7279] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7278] <... futex resumed>) = 0 [pid 7278] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7278] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7279] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7279] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7278] <... futex resumed>) = 0 [pid 7279] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7278] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7279] <... mmap resumed>) = 0x200000000000 [pid 7278] <... futex resumed>) = 0 [pid 7279] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7278] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7279] <... futex resumed>) = 0 [pid 7278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7278] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7278] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7279] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7279] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7278] <... futex resumed>) = 0 [pid 7279] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7278] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./125/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./125") = 0 [pid 5871] mkdir("./126", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7281] <... write resumed>) = 2097152 [pid 7281] munmap(0x7f7017800000, 138412032) = 0 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7281] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7281] close(3) = 0 [pid 7281] close(4) = 0 [pid 7281] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7281] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7282 attached , child_tidptr=0x55557616a690) = 262 [pid 7282] set_robust_list(0x55557616a6a0, 24) = 0 [ 483.806259][ T7281] loop4: detected capacity change from 0 to 4096 [pid 7282] chdir("./126") = 0 [pid 7282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7282] setpgid(0, 0) = 0 [pid 7282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7282] write(3, "1000", 4) = 4 [pid 7282] close(3) = 0 [pid 7282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7282] write(1, "executing program\n", 18executing program ) = 18 [pid 7282] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7282] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[263]}, 88) = 263 ./strace-static-x86_64: Process 7283 attached [pid 7282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7283] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7282] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7283] <... rseq resumed>) = 0 [pid 7282] <... futex resumed>) = 0 [pid 7283] set_robust_list(0x7f701fd149a0, 24 [pid 7282] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7283] <... set_robust_list resumed>) = 0 [pid 7283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7283] memfd_create("syzkaller", 0) = 3 [pid 7283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7281] <... mount resumed>) = 0 [pid 7281] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7281] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7281] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7281] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7280] <... futex resumed>) = 0 [pid 7281] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7280] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7280] <... futex resumed>) = 0 [pid 7280] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7281] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7276] +++ killed by SIGSEGV (core dumped) +++ [pid 7274] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=258, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7275] <... futex resumed>) = ? [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7281] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, [pid 7281] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7281] <... futex resumed>) = 1 [pid 7280] <... futex resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7281] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7280] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7280] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7281] <... openat resumed>) = 5 [pid 7277] +++ killed by SIGSEGV (core dumped) +++ [pid 7275] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=260, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7281] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7280] <... futex resumed>) = 0 [pid 7280] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 7280] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7281] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 5869] umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7281] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7281] <... futex resumed>) = 1 [pid 7280] <... futex resumed>) = 0 [pid 7281] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7280] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", [pid 7283] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7281] <... mmap resumed>) = 0x200000000000 [pid 7280] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7281] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] getdents64(3, [pid 7281] <... futex resumed>) = 0 [pid 7280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7281] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7280] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7281] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7280] <... futex resumed>) = 0 [pid 7281] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7280] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7281] <... futex resumed>) = 0 [pid 7280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7281] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7280] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7280] <... futex resumed>) = 0 [pid 7281] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7280] ???( [pid 7278] <... futex resumed>) = ? [pid 7279] +++ killed by SIGSEGV (core dumped) +++ [pid 7278] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=265, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5870] umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7283] <... write resumed>) = 2097152 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7283] munmap(0x7f7017800000, 138412032) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7283] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7283] <... openat resumed>) = 4 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7283] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", [pid 5869] newfstatat(4, "", [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./125/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./125") = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] mkdir("./126", 0777) = 0 [pid 5868] getdents64(4, [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5868] close(4 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] <... close resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x32\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] close(3 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7283] <... ioctl resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./124/binderfs" [pid 7283] close(3) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7283] close(4 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3 [pid 7283] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7283] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5868] rmdir("./124" [pid 7283] <... mkdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./125", 0777 [pid 7283] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] <... mkdir resumed>) = 0 [ 484.229418][ T7283] loop3: detected capacity change from 0 to 4096 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] <... umount2 resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5870] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... close resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 7284 attached [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7284] set_robust_list(0x55557616a6a0, 24 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 262 [pid 7284] <... set_robust_list resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./125/binderfs", [pid 7284] chdir("./126" [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./125/binderfs" [pid 7284] <... chdir resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 7284] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] getdents64(3, [pid 7284] <... prctl resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7284] setpgid(0, 0 [pid 5870] close(3 [pid 7284] <... setpgid resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] rmdir("./125" [pid 7284] <... openat resumed>) = 3 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./126", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7284] write(3, "1000", 4 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7284] <... write resumed>) = 4 [pid 7284] close(3) = 0 [pid 7284] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7284] write(1, "executing program\n", 18) = 18 [pid 7284] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 7284] <... futex resumed>) = 0 [pid 7284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7284] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7285 attached => {parent_tid=[263]}, 88) = 263 [pid 7280] <... ??? resumed>) = ? [pid 5868] <... close resumed>) = 0 [pid 7284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7284] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7284] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7285] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7285] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7285] memfd_create("syzkaller", 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7286 attached , child_tidptr=0x55557616a690) = 260 [pid 5870] <... close resumed>) = 0 [pid 7285] <... memfd_create resumed>) = 3 [pid 7286] set_robust_list(0x55557616a6a0, 24 [pid 7285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7285] <... mmap resumed>) = 0x7f7017800000 ./strace-static-x86_64: Process 7287 attached [pid 7286] <... set_robust_list resumed>) = 0 [pid 7281] +++ killed by SIGSEGV (core dumped) +++ [pid 7280] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=261, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 267 [pid 7287] set_robust_list(0x55557616a6a0, 24 [pid 7286] chdir("./125" [pid 7287] <... set_robust_list resumed>) = 0 [pid 5872] umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7286] <... chdir resumed>) = 0 [pid 7287] chdir("./126" [pid 7286] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7286] <... prctl resumed>) = 0 [pid 7287] <... chdir resumed>) = 0 [pid 7286] setpgid(0, 0 [pid 7283] <... mount resumed>) = 0 [pid 5872] openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7287] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7286] <... setpgid resumed>) = 0 [pid 7283] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] <... openat resumed>) = 3 [pid 7287] <... prctl resumed>) = 0 [pid 7286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7287] setpgid(0, 0 [pid 7286] <... openat resumed>) = 3 [pid 7283] <... openat resumed>) = 3 [pid 7287] <... setpgid resumed>) = 0 [pid 7283] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5872] getdents64(3, [pid 7287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7286] write(3, "1000", 4 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7286] <... write resumed>) = 4 [pid 5872] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7287] <... openat resumed>) = 3 [pid 7286] close(3 [pid 7283] <... chdir resumed>) = 0 [pid 7283] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7283] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7282] <... futex resumed>) = 0 [pid 7282] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7283] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7282] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7286] <... close resumed>) = 0 [pid 7286] symlink("/dev/binderfs", "./binderfs" [pid 7287] write(3, "1000", 4) = 4 [pid 7287] close(3 [pid 7286] <... symlink resumed>) = 0 [pid 7287] <... close resumed>) = 0 [pid 7286] write(1, "executing program\n", 18executing program [pid 7287] symlink("/dev/binderfs", "./binderfs" [pid 7286] <... write resumed>) = 18 [pid 7283] <... openat resumed>) = 4 [pid 7287] <... symlink resumed>) = 0 [pid 7286] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7287] write(1, "executing program\n", 18 [pid 7286] <... futex resumed>) = 0 [pid 7286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7283] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program ) = 1 [pid 7287] <... write resumed>) = 18 [pid 7286] <... mmap resumed>) = 0x7f701fcf4000 [pid 7282] <... futex resumed>) = 0 [pid 7286] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7287] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7283] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7282] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7286] <... mprotect resumed>) = 0 [pid 7282] <... futex resumed>) = 0 [pid 7282] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7287] <... futex resumed>) = 0 [pid 7286] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7283] <... openat resumed>) = 5 [pid 7283] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7282] <... futex resumed>) = 0 [pid 7282] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7282] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7283] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7283] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7282] <... futex resumed>) = 0 [pid 7282] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7282] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7285] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7283] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7286] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7287] <... mmap resumed>) = 0x7f701fcf4000 [pid 7286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7283] <... mmap resumed>) = 0x200000000000 [pid 7283] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7287] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7283] <... futex resumed>) = 1 [pid 7282] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7288 attached [pid 7287] <... mprotect resumed>) = 0 [pid 7286] <... clone3 resumed> => {parent_tid=[261]}, 88) = 261 [pid 7283] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7282] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7287] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7286] rt_sigprocmask(SIG_SETMASK, [], [pid 7283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7283] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7282] <... futex resumed>) = 0 [pid 7287] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7283] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7282] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7286] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7283] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... rseq resumed>) = 0 [pid 7287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7286] <... futex resumed>) = 0 [pid 7283] <... futex resumed>) = 1 [pid 7282] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7289 attached [pid 7288] set_robust_list(0x7f701fd149a0, 24 [pid 7286] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7283] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7289] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7282] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] <... rseq resumed>) = 0 [pid 7287] <... clone3 resumed> => {parent_tid=[268]}, 88) = 268 [pid 7283] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7282] <... futex resumed>) = 0 [pid 7288] <... set_robust_list resumed>) = 0 [pid 7287] rt_sigprocmask(SIG_SETMASK, [], [pid 7289] set_robust_list(0x7f701fd149a0, 24 [pid 7288] rt_sigprocmask(SIG_SETMASK, [], [pid 7287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7289] <... set_robust_list resumed>) = 0 [pid 7288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7287] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] rt_sigprocmask(SIG_SETMASK, [], [pid 7287] <... futex resumed>) = 0 [pid 7289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7287] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7289] memfd_create("syzkaller", 0 [pid 7288] memfd_create("syzkaller", 0) = 3 [pid 7288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7289] <... memfd_create resumed>) = 3 [pid 7288] <... mmap resumed>) = 0x7f7017800000 [pid 7289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7285] <... write resumed>) = 2097152 [pid 7285] munmap(0x7f7017800000, 138412032) = 0 [pid 7288] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... umount2 resumed>) = 0 [pid 7285] <... openat resumed>) = 4 [pid 7285] ioctl(4, LOOP_SET_FD, 3 [pid 5872] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7289] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7285] <... ioctl resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 7285] close(3 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7285] <... close resumed>) = 0 [pid 5872] close(4 [pid 7285] close(4 [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7285] <... close resumed>) = 0 [pid 5872] umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7285] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7285] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] unlink("./125/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./125") = 0 [pid 5872] mkdir("./126", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [ 484.669318][ T7285] loop2: detected capacity change from 0 to 4096 [pid 5872] close(3 [pid 7289] <... write resumed>) = 2097152 [pid 7288] <... write resumed>) = 2097152 [pid 7289] munmap(0x7f7017800000, 138412032) = 0 [pid 7288] munmap(0x7f7017800000, 138412032 [pid 7289] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7289] ioctl(4, LOOP_SET_FD, 3 [pid 7288] <... munmap resumed>) = 0 [pid 7288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7288] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7290 attached [pid 7290] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 263 [pid 7290] chdir("./126") = 0 [pid 7290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7290] setpgid(0, 0) = 0 [pid 7290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7290] write(3, "1000", 4 [pid 7288] <... ioctl resumed>) = 0 [pid 7288] close(3 [pid 7290] <... write resumed>) = 4 [pid 7288] <... close resumed>) = 0 [pid 7290] close(3 [pid 7288] close(4 [pid 7290] <... close resumed>) = 0 [pid 7288] <... close resumed>) = 0 [pid 7290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7288] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7289] <... ioctl resumed>) = 0 [pid 7288] <... mkdir resumed>) = 0 [pid 7288] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"...executing program [pid 7290] write(1, "executing program\n", 18) = 18 [pid 7290] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7289] close(3) = 0 [pid 7289] close(4) = 0 [pid 7290] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [ 484.785181][ T7289] loop1: detected capacity change from 0 to 4096 [ 484.793595][ T7288] loop0: detected capacity change from 0 to 4096 [pid 7289] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7290] <... mprotect resumed>) = 0 [pid 7289] <... mkdir resumed>) = 0 [pid 7289] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7291 attached => {parent_tid=[264]}, 88) = 264 [pid 7290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7290] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7290] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7291] <... rseq resumed>) = 0 [pid 7291] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7291] memfd_create("syzkaller", 0) = 3 [pid 7291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7285] <... mount resumed>) = 0 [pid 7285] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7285] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7285] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7284] <... futex resumed>) = 0 [pid 7284] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7284] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7285] <... openat resumed>) = 4 [pid 7285] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7284] <... futex resumed>) = 0 [pid 7284] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7285] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7284] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7283] +++ killed by SIGSEGV (core dumped) +++ [pid 7282] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=262, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5871] umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7285] <... openat resumed>) = 5 [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7285] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7284] <... futex resumed>) = 0 [pid 7288] <... mount resumed>) = 0 [pid 7284] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7284] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7288] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7285] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7288] <... openat resumed>) = 3 [pid 7285] <... write resumed>) = 1116 [pid 7291] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7285] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7284] <... futex resumed>) = 0 [pid 7288] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7285] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7284] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] <... mmap resumed>) = 0x200000000000 [pid 7284] <... futex resumed>) = 0 [pid 7284] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7288] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7285] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7285] <... futex resumed>) = 1 [pid 7284] <... futex resumed>) = 0 [pid 7288] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7284] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... futex resumed>) = 1 [pid 7286] <... futex resumed>) = 0 [pid 7289] <... mount resumed>) = 0 [pid 7288] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7286] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7285] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7284] <... futex resumed>) = 0 [pid 7288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7286] <... futex resumed>) = 0 [pid 7285] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7284] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7289] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7288] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7286] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7285] <... futex resumed>) = 0 [pid 7284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7285] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7284] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7288] <... openat resumed>) = 4 [pid 7289] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7288] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7286] <... futex resumed>) = 0 [pid 7288] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7286] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7286] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7288] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7289] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7288] <... openat resumed>) = 5 [pid 7289] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7287] <... futex resumed>) = 0 [pid 7289] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7288] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7287] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... futex resumed>) = 1 [pid 7289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7287] <... futex resumed>) = 0 [pid 7286] <... futex resumed>) = 0 [pid 7287] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7286] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7286] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7289] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7288] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7288] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7288] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7286] <... futex resumed>) = 0 [pid 7286] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] <... openat resumed>) = 4 [pid 7288] <... futex resumed>) = 0 [pid 7286] <... futex resumed>) = 1 [pid 7286] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7289] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7289] <... futex resumed>) = 1 [pid 7291] <... write resumed>) = 2097152 [pid 7289] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7288] <... mmap resumed>) = 0x200000000000 [pid 7287] <... futex resumed>) = 0 [pid 7288] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7287] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... futex resumed>) = 1 [pid 7287] <... futex resumed>) = 1 [pid 7289] <... futex resumed>) = 0 [pid 7286] <... futex resumed>) = 0 [pid 7289] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7287] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7286] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7289] <... openat resumed>) = 5 [pid 7286] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7289] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7287] <... futex resumed>) = 0 [pid 7289] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7287] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7287] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7291] munmap(0x7f7017800000, 138412032) = 0 [pid 7289] <... futex resumed>) = 0 [pid 7288] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7289] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7288] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7289] <... write resumed>) = 1116 [pid 7288] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = 0 [pid 7289] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7288] <... futex resumed>) = 1 [pid 7289] <... futex resumed>) = 1 [pid 7288] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7289] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7287] <... futex resumed>) = 0 [pid 7286] <... futex resumed>) = 0 [pid 7287] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7286] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] <... futex resumed>) = 0 [pid 7288] <... futex resumed>) = 0 [pid 7287] <... futex resumed>) = 1 [pid 7286] <... futex resumed>) = 1 [pid 7289] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7288] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7287] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7286] ???( [pid 7291] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7289] <... mmap resumed>) = 0x200000000000 [pid 7291] <... openat resumed>) = 4 [pid 7291] ioctl(4, LOOP_SET_FD, 3 [pid 7289] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7289] <... futex resumed>) = 1 [pid 7287] <... futex resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7289] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7287] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7287] <... futex resumed>) = 0 [pid 7287] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7289] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5871] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7289] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7289] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 4 [pid 7289] <... futex resumed>) = 1 [pid 5871] newfstatat(4, "", [pid 7289] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7287] <... futex resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7287] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7289] <... futex resumed>) = 0 [pid 7287] <... futex resumed>) = 1 [pid 5871] getdents64(4, [pid 7289] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7287] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7291] <... ioctl resumed>) = 0 [pid 5871] getdents64(4, [pid 7291] close(3) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7291] close(4) = 0 [pid 7291] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] close(4) = 0 [pid 7291] <... mkdir resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7291] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 485.151330][ T7291] loop4: detected capacity change from 0 to 4096 [pid 5871] unlink("./126/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./126") = 0 [pid 5871] mkdir("./127", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7292 attached [pid 7292] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7292] chdir("./127") = 0 [pid 7292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 264 [pid 7292] <... prctl resumed>) = 0 [pid 7292] setpgid(0, 0) = 0 [pid 7292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7292] write(3, "1000", 4) = 4 [pid 7292] close(3) = 0 [pid 7292] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7292] write(1, "executing program\n", 18) = 18 [pid 7292] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7292] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7291] <... mount resumed>) = 0 [pid 7292] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7291] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7292] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7291] <... openat resumed>) = 3 [pid 7292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7291] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7291] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 7293 attached [pid 7292] <... clone3 resumed> => {parent_tid=[265]}, 88) = 265 [pid 7291] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7292] rt_sigprocmask(SIG_SETMASK, [], [pid 7291] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7291] <... futex resumed>) = 1 [pid 7290] <... futex resumed>) = 0 [pid 7292] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7291] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7290] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7292] <... futex resumed>) = 0 [pid 7290] <... futex resumed>) = 0 [pid 7293] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7293] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7292] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7290] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7293] memfd_create("syzkaller", 0) = 3 [pid 7293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7291] <... openat resumed>) = 4 [pid 7291] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7284] <... futex resumed>) = ? [pid 7291] <... futex resumed>) = 1 [pid 7290] <... futex resumed>) = 0 [pid 7290] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7290] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7291] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7291] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7290] <... futex resumed>) = 0 [pid 7290] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7290] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7291] <... write resumed>) = 1116 [pid 7285] +++ killed by SIGSEGV (core dumped) +++ [pid 7284] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=262, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [pid 7291] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7291] <... futex resumed>) = 1 [pid 7290] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 7290] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 7291] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7291] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7290] <... futex resumed>) = 1 [pid 7291] <... futex resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7290] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7291] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7290] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7291] <... futex resumed>) = 0 [pid 7290] <... futex resumed>) = 1 [pid 7291] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7290] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7291] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7291] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7291] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7293] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7290] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7291] <... futex resumed>) = 0 [pid 7290] <... futex resumed>) = 1 [pid 7291] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7290] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7286] <... ??? resumed>) = ? [pid 7288] +++ killed by SIGSEGV (core dumped) +++ [pid 7286] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=260, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5868] umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7293] <... write resumed>) = 2097152 [pid 7293] munmap(0x7f7017800000, 138412032) = 0 [pid 7287] <... futex resumed>) = ? [pid 7293] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7293] ioctl(4, LOOP_SET_FD, 3 [pid 7289] +++ killed by SIGSEGV (core dumped) +++ [pid 7287] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=267, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7293] <... ioctl resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7293] close(3 [pid 5870] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7293] <... close resumed>) = 0 [pid 7293] close(4) = 0 [pid 7293] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 485.688238][ T7293] loop3: detected capacity change from 0 to 4096 [pid 7293] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... umount2 resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] rmdir("\x2e\x2f\x31\x32\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] <... rmdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] newfstatat(AT_FDCWD, "./125/binderfs", [pid 5869] <... openat resumed>) = 4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] newfstatat(4, "", [pid 5868] unlink("./125/binderfs" [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7293] <... mount resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7293] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] getdents64(3, [pid 5869] umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7293] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... umount2 resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] close(3 [pid 5869] newfstatat(AT_FDCWD, "./126/binderfs", [pid 7293] <... chdir resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... close resumed>) = 0 [pid 7293] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] unlink("./126/binderfs" [pid 5868] rmdir("./125" [pid 7293] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7293] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] mkdir("./126", 0777 [pid 7293] <... futex resumed>) = 1 [pid 7292] <... futex resumed>) = 0 [pid 5869] getdents64(3, [pid 5868] <... mkdir resumed>) = 0 [pid 7293] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7292] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7292] <... futex resumed>) = 0 [pid 5869] close(3 [pid 5868] <... openat resumed>) = 3 [pid 7292] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... close resumed>) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] rmdir("./126" [pid 5868] <... ioctl resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... rmdir resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] mkdir("./127", 0777 [pid 5868] close(3 [pid 5869] <... mkdir resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, [pid 5869] <... openat resumed>) = 3 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5870] rmdir("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./126/binderfs", [pid 5869] <... ioctl resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] close(3 [pid 5870] unlink("./126/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./126") = 0 [pid 5870] mkdir("./127", 0777 [pid 7293] <... openat resumed>) = 4 [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7293] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 7293] <... futex resumed>) = 1 [pid 7292] <... futex resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7292] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... ioctl resumed>) = 0 [pid 7292] <... futex resumed>) = 0 [pid 7292] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] close(3 [pid 7293] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7293] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 7293] <... futex resumed>) = 1 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7293] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7292] <... futex resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 262 ./strace-static-x86_64: Process 7294 attached [pid 7292] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7293] <... futex resumed>) = 0 [pid 7292] <... futex resumed>) = 1 [pid 7294] set_robust_list(0x55557616a6a0, 24 [pid 7293] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7292] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7294] <... set_robust_list resumed>) = 0 [pid 7293] <... write resumed>) = 1116 [pid 7293] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7292] <... futex resumed>) = 0 [pid 7292] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7294] chdir("./126" [pid 7293] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7292] <... futex resumed>) = 0 [pid 7294] <... chdir resumed>) = 0 [pid 7293] <... mmap resumed>) = 0x200000000000 [pid 7292] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... close resumed>) = 0 [pid 7294] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7293] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7294] <... prctl resumed>) = 0 [pid 7293] <... futex resumed>) = 1 [pid 7292] <... futex resumed>) = 0 [pid 7292] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7292] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7294] setpgid(0, 0 [pid 7293] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7294] <... setpgid resumed>) = 0 [pid 7293] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7292] <... futex resumed>) = 0 [pid 7293] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7292] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7294] write(3, "1000", 4) = 4 [pid 7294] close(3) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7294] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7294] write(1, "executing program\n", 18) = 18 [pid 7294] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] <... close resumed>) = 0 [pid 7294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 264 ./strace-static-x86_64: Process 7295 attached [pid 7294] <... mmap resumed>) = 0x7f701fcf4000 [pid 7294] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7296 attached [pid 7295] set_robust_list(0x55557616a6a0, 24 [pid 7296] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7294] <... clone3 resumed> => {parent_tid=[263]}, 88) = 263 [pid 7296] <... rseq resumed>) = 0 [pid 7295] <... set_robust_list resumed>) = 0 [pid 7294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7294] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7295] chdir("./127") = 0 [pid 7294] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7290] <... futex resumed>) = ? [pid 7295] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7296] set_robust_list(0x7f701fd149a0, 24 [pid 7295] <... prctl resumed>) = 0 [pid 7296] <... set_robust_list resumed>) = 0 [pid 7295] setpgid(0, 0 [pid 7296] rt_sigprocmask(SIG_SETMASK, [], [pid 7295] <... setpgid resumed>) = 0 [pid 7296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7296] memfd_create("syzkaller", 0 [pid 7295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7296] <... memfd_create resumed>) = 3 [pid 7296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7295] <... openat resumed>) = 3 [pid 7296] <... mmap resumed>) = 0x7f7017800000 [pid 7295] write(3, "1000", 4 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7295] <... write resumed>) = 4 [pid 7295] close(3./strace-static-x86_64: Process 7297 attached executing program [pid 7297] set_robust_list(0x55557616a6a0, 24 [pid 7295] <... close resumed>) = 0 [pid 7291] +++ killed by SIGSEGV (core dumped) +++ [pid 7290] +++ killed by SIGSEGV (core dumped) +++ [pid 7295] symlink("/dev/binderfs", "./binderfs" [pid 7297] <... set_robust_list resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=263, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- [pid 7297] chdir("./127" [pid 7295] <... symlink resumed>) = 0 [pid 7297] <... chdir resumed>) = 0 [pid 7295] write(1, "executing program\n", 18 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 269 [pid 7297] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7297] <... prctl resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7297] setpgid(0, 0 [pid 5872] openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7297] <... setpgid resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 7297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7295] <... write resumed>) = 18 [pid 5872] newfstatat(3, "", [pid 7295] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7297] write(3, "1000", 4 [pid 7295] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7297] <... write resumed>) = 4 [pid 7295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] getdents64(3, [pid 7295] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7297] close(3 [pid 5872] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7297] <... close resumed>) = 0 [pid 7297] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7297] write(1, "executing program\n", 18) = 18 [pid 7297] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7297] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7295] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7297] <... clone3 resumed> => {parent_tid=[270]}, 88) = 270 [pid 7297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7297] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7298 attached [pid 7297] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7295] <... mprotect resumed>) = 0 [pid 7295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7298] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7295] <... clone3 resumed> => {parent_tid=[265]}, 88) = 265 [pid 7298] set_robust_list(0x7f701fd149a0, 24 [pid 7295] rt_sigprocmask(SIG_SETMASK, [], [pid 7298] <... set_robust_list resumed>) = 0 [pid 7295] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7299 attached [pid 7299] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7299] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7299] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7298] rt_sigprocmask(SIG_SETMASK, [], [pid 7295] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7299] memfd_create("syzkaller", 0) = 3 [pid 7298] memfd_create("syzkaller", 0 [pid 7296] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7298] <... memfd_create resumed>) = 3 [pid 7298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7298] <... mmap resumed>) = 0x7f7017800000 [pid 5872] <... umount2 resumed>) = 0 [pid 7299] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7296] <... write resumed>) = 2097152 [pid 7296] munmap(0x7f7017800000, 138412032 [pid 7298] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7296] <... munmap resumed>) = 0 [pid 7296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7296] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7296] <... ioctl resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7296] close(3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7296] <... close resumed>) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7296] close(4) = 0 [pid 5872] <... openat resumed>) = 4 [pid 7296] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7296] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, [pid 7298] <... write resumed>) = 2097152 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [ 486.228166][ T7296] loop0: detected capacity change from 0 to 4096 [pid 5872] umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7298] munmap(0x7f7017800000, 138412032 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7298] <... munmap resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "./126/binderfs", [pid 7299] <... write resumed>) = 2097152 [pid 7292] <... futex resumed>) = ? [pid 7298] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7298] <... openat resumed>) = 4 [pid 5872] unlink("./126/binderfs" [pid 7298] ioctl(4, LOOP_SET_FD, 3 [pid 7299] munmap(0x7f7017800000, 138412032 [pid 5872] <... unlink resumed>) = 0 [pid 5872] getdents64(3, [pid 7293] +++ killed by SIGSEGV (core dumped) +++ [pid 7292] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=264, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5872] rmdir("./126" [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5872] <... rmdir resumed>) = 0 [pid 7299] <... munmap resumed>) = 0 [pid 5872] mkdir("./127", 0777 [pid 7298] <... ioctl resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7299] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7299] ioctl(4, LOOP_SET_FD, 3 [pid 7298] close(3 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... openat resumed>) = 3 [pid 5871] <... openat resumed>) = 3 [pid 7298] <... close resumed>) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 7298] close(4 [pid 5872] <... ioctl resumed>) = 0 [pid 7298] <... close resumed>) = 0 [pid 5872] close(3 [pid 5871] newfstatat(3, "", [pid 7299] <... ioctl resumed>) = 0 [pid 7298] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7299] close(3 [pid 7298] <... mkdir resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [ 486.305433][ T7298] loop1: detected capacity change from 0 to 4096 [ 486.341093][ T7299] loop2: detected capacity change from 0 to 4096 [pid 5871] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7299] <... close resumed>) = 0 [pid 7299] close(4) = 0 [pid 7299] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7298] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7299] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7296] <... mount resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7296] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7296] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7300 attached [pid 7296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7300] set_robust_list(0x55557616a6a0, 24 [pid 7296] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7300] <... set_robust_list resumed>) = 0 [pid 7296] <... futex resumed>) = 1 [pid 7294] <... futex resumed>) = 0 [pid 7296] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 265 [pid 7294] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7300] chdir("./127" [pid 7296] <... futex resumed>) = 0 [pid 7294] <... futex resumed>) = 1 [pid 7300] <... chdir resumed>) = 0 [pid 7296] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7294] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7300] setpgid(0, 0) = 0 [pid 7296] <... openat resumed>) = 4 [pid 7296] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7294] <... futex resumed>) = 0 [pid 7296] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7294] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7294] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7296] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7296] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7294] <... futex resumed>) = 0 [pid 7294] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7294] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7296] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7300] <... openat resumed>) = 3 [pid 7296] <... write resumed>) = 1116 [pid 7296] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7300] write(3, "1000", 4 [pid 7296] <... futex resumed>) = 1 [pid 7294] <... futex resumed>) = 0 [pid 7296] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7294] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7296] <... mmap resumed>) = 0x200000000000 [pid 7300] <... write resumed>) = 4 [pid 7294] <... futex resumed>) = 0 [pid 7300] close(3) = 0 [pid 7294] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7296] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program ) = 1 [pid 7294] <... futex resumed>) = 0 [pid 7300] write(1, "executing program\n", 18 [pid 7294] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7300] <... write resumed>) = 18 [pid 7294] <... futex resumed>) = 0 [pid 7300] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7296] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7294] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7300] <... futex resumed>) = 0 [pid 7300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7296] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7300] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7296] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7294] <... futex resumed>) = 0 [pid 7296] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7294] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7301 attached [pid 7301] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7300] <... clone3 resumed> => {parent_tid=[266]}, 88) = 266 [pid 7300] rt_sigprocmask(SIG_SETMASK, [], [pid 7301] <... rseq resumed>) = 0 [pid 7300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7301] set_robust_list(0x7f701fd149a0, 24 [pid 7300] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7301] <... set_robust_list resumed>) = 0 [pid 7300] <... futex resumed>) = 0 [pid 7301] rt_sigprocmask(SIG_SETMASK, [], [pid 7300] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = 0 [pid 7301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7299] <... mount resumed>) = 0 [pid 7299] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7299] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7299] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7299] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 7295] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7295] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7299] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7301] memfd_create("syzkaller", 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7301] <... memfd_create resumed>) = 3 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7301] <... mmap resumed>) = 0x7f7017800000 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", [pid 7299] <... openat resumed>) = 4 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7299] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 5871] getdents64(4, [pid 7299] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7295] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7295] <... futex resumed>) = 0 [pid 5871] getdents64(4, [pid 7299] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7295] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7299] <... openat resumed>) = 5 [pid 7299] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 7299] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7295] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7299] <... write resumed>) = 1116 [pid 7295] <... futex resumed>) = 0 [pid 7299] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7295] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7299] <... futex resumed>) = 0 [pid 7295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7299] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7295] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7299] <... mmap resumed>) = 0x200000000000 [pid 7295] <... futex resumed>) = 0 [pid 7299] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7295] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7299] <... futex resumed>) = 0 [pid 7295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] close(4 [pid 7299] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7295] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7299] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7298] <... mount resumed>) = 0 [pid 7295] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 7295] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7299] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7295] <... futex resumed>) = 0 [pid 7299] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7295] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7298] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] rmdir("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7298] <... openat resumed>) = 3 [pid 5871] <... rmdir resumed>) = 0 [pid 7298] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5871] umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7298] <... chdir resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "./127/binderfs", [pid 7298] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7298] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] unlink("./127/binderfs" [pid 7298] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 7297] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./127" [pid 7297] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... rmdir resumed>) = 0 [pid 7298] <... futex resumed>) = 0 [pid 7297] <... futex resumed>) = 1 [pid 7298] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7297] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7301] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] mkdir("./128", 0777 [pid 7298] <... openat resumed>) = 4 [pid 5871] <... mkdir resumed>) = 0 [pid 7298] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7298] <... futex resumed>) = 1 [pid 7297] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 7297] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7297] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7298] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7298] <... openat resumed>) = 5 [pid 5871] close(3 [pid 7298] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7297] <... futex resumed>) = 0 [pid 7298] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7297] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7298] <... write resumed>) = 1116 [pid 7297] <... futex resumed>) = 0 [pid 7298] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7297] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7298] <... futex resumed>) = 0 [pid 7301] <... write resumed>) = 2097152 [pid 7298] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7297] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 7298] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7301] munmap(0x7f7017800000, 138412032 [pid 7298] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7297] <... futex resumed>) = 0 [pid 7297] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7302 attached [pid 7302] set_robust_list(0x55557616a6a0, 24 [pid 7298] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7302] <... set_robust_list resumed>) = 0 [pid 7298] <... futex resumed>) = 1 [pid 7297] <... futex resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 266 [pid 7297] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7298] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7297] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7298] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7298] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7302] chdir("./128" [pid 7298] <... futex resumed>) = 1 [pid 7297] <... futex resumed>) = 0 [pid 7302] <... chdir resumed>) = 0 [pid 7298] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7297] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7301] <... munmap resumed>) = 0 [pid 7302] setpgid(0, 0 [pid 7298] <... futex resumed>) = 0 [pid 7297] <... futex resumed>) = 1 [pid 7301] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7298] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7297] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7302] <... setpgid resumed>) = 0 [pid 7301] <... openat resumed>) = 4 [pid 7302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7301] ioctl(4, LOOP_SET_FD, 3 [pid 7302] <... openat resumed>) = 3 [pid 7302] write(3, "1000", 4) = 4 [pid 7302] close(3) = 0 executing program [pid 7302] symlink("/dev/binderfs", "./binderfs" [pid 7301] <... ioctl resumed>) = 0 [pid 7302] <... symlink resumed>) = 0 [pid 7301] close(3 [pid 7302] write(1, "executing program\n", 18 [pid 7301] <... close resumed>) = 0 [pid 7302] <... write resumed>) = 18 [pid 7301] close(4 [pid 7302] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7301] <... close resumed>) = 0 [pid 7302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7301] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7302] <... mmap resumed>) = 0x7f701fcf4000 [pid 7301] <... mkdir resumed>) = 0 [pid 7302] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7301] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7296] +++ killed by SIGSEGV (core dumped) +++ [pid 7302] <... mprotect resumed>) = 0 [pid 7294] <... futex resumed>) = ? [pid 7302] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7294] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=262, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7302] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 7302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 486.800981][ T7301] loop4: detected capacity change from 0 to 4096 [pid 7302] <... clone3 resumed> => {parent_tid=[267]}, 88) = 267 [pid 5868] openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", [pid 7302] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 7303 attached [pid 7302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] getdents64(3, [pid 7302] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7303] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7302] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7303] <... rseq resumed>) = 0 [pid 7302] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7303] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7303] memfd_create("syzkaller", 0) = 3 [pid 7303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7303] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... umount2 resumed>) = 0 [pid 7295] <... futex resumed>) = ? [pid 5868] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7299] +++ killed by SIGSEGV (core dumped) +++ [pid 7295] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] umount2("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=264, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] getdents64(4, [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x32\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... openat resumed>) = 3 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] getdents64(3, [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./126/binderfs", [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] unlink("./126/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./126") = 0 [pid 5868] mkdir("./127", 0777) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3) = 0 [pid 7303] <... write resumed>) = 2097152 [pid 7301] <... mount resumed>) = 0 [pid 7301] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7301] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7301] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7303] munmap(0x7f7017800000, 138412032 [pid 7301] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 7304 attached [pid 7301] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 264 [pid 7304] set_robust_list(0x55557616a6a0, 24 [pid 7301] <... futex resumed>) = 1 [pid 7300] <... futex resumed>) = 0 [pid 7301] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7300] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7300] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7304] <... set_robust_list resumed>) = 0 [pid 7303] <... munmap resumed>) = 0 [pid 7301] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7304] chdir("./127") = 0 [pid 7304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7303] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7301] <... openat resumed>) = 4 [pid 7304] <... prctl resumed>) = 0 [pid 7303] <... openat resumed>) = 4 [pid 7301] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7304] setpgid(0, 0 [pid 7303] ioctl(4, LOOP_SET_FD, 3 [pid 7301] <... futex resumed>) = 1 [pid 7300] <... futex resumed>) = 0 [pid 7297] <... futex resumed>) = ? [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7300] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... openat resumed>) = 4 [pid 7300] <... futex resumed>) = 0 [pid 7301] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7304] <... setpgid resumed>) = 0 [pid 7304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7300] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] newfstatat(4, "", [pid 7298] +++ killed by SIGSEGV (core dumped) +++ [pid 7297] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7304] <... openat resumed>) = 3 [pid 7301] <... openat resumed>) = 5 [pid 5869] getdents64(4, [pid 7304] write(3, "1000", 4 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=269, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 7304] <... write resumed>) = 4 [pid 7303] <... ioctl resumed>) = 0 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7304] close(3) = 0 [pid 7301] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7304] symlink("/dev/binderfs", "./binderfs" [pid 7301] <... futex resumed>) = 1 [pid 7300] <... futex resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5869] getdents64(4, [pid 7304] <... symlink resumed>) = 0 [pid 7303] close(3 [pid 7301] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116executing program [pid 7300] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7304] write(1, "executing program\n", 18 [pid 7303] <... close resumed>) = 0 [pid 7301] <... write resumed>) = 1116 [pid 7300] <... futex resumed>) = 0 [pid 7304] <... write resumed>) = 18 [pid 7303] close(4 [pid 7300] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] close(4 [pid 7304] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7303] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7304] <... futex resumed>) = 0 [pid 7303] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7301] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] rmdir("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7303] <... mkdir resumed>) = 0 [pid 7301] <... futex resumed>) = 1 [pid 7300] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7304] <... mmap resumed>) = 0x7f701fcf4000 [pid 7303] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7301] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7300] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... rmdir resumed>) = 0 [pid 7304] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7301] <... mmap resumed>) = 0x200000000000 [pid 7300] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7304] <... mprotect resumed>) = 0 [pid 7301] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7300] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(3, "", [pid 5869] umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7301] <... futex resumed>) = 0 [pid 7300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7300] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7301] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7301] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7300] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] newfstatat(AT_FDCWD, "./127/binderfs", ./strace-static-x86_64: Process 7305 attached [pid 7301] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7300] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7305] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7304] <... clone3 resumed> => {parent_tid=[265]}, 88) = 265 [pid 7301] <... futex resumed>) = 0 [pid 7300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7305] <... rseq resumed>) = 0 [pid 7304] rt_sigprocmask(SIG_SETMASK, [], [pid 7300] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] unlink("./127/binderfs" [pid 7305] set_robust_list(0x7f701fd149a0, 24 [pid 7304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7301] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7300] <... futex resumed>) = 0 [pid 7305] <... set_robust_list resumed>) = 0 [pid 7304] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7305] rt_sigprocmask(SIG_SETMASK, [], [pid 7304] <... futex resumed>) = 0 [pid 7305] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 487.194738][ T7303] loop3: detected capacity change from 0 to 4096 [pid 7304] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7305] memfd_create("syzkaller", 0 [pid 5869] <... unlink resumed>) = 0 [pid 7305] <... memfd_create resumed>) = 3 [pid 5869] getdents64(3, [pid 7305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./127") = 0 [pid 5869] mkdir("./128", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7305] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] <... umount2 resumed>) = 0 [pid 7303] <... mount resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... close resumed>) = 0 [pid 7303] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", ./strace-static-x86_64: Process 7306 attached [pid 7303] <... openat resumed>) = 3 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 266 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7306] set_robust_list(0x55557616a6a0, 24 [pid 7303] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7303] <... chdir resumed>) = 0 [pid 7306] <... set_robust_list resumed>) = 0 [pid 7303] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... openat resumed>) = 4 [pid 7306] chdir("./128" [pid 7303] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7306] <... chdir resumed>) = 0 [pid 7303] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7303] <... futex resumed>) = 1 [pid 5870] getdents64(4, [pid 7302] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7306] <... prctl resumed>) = 0 [pid 7303] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7302] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7302] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] setpgid(0, 0 [pid 7303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] close(4 [pid 7306] <... setpgid resumed>) = 0 [pid 7303] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] <... close resumed>) = 0 [pid 7306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] rmdir("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7306] <... openat resumed>) = 3 [pid 5870] umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./127/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./127") = 0 [pid 7306] write(3, "1000", 4 [pid 7303] <... openat resumed>) = 4 [pid 7306] <... write resumed>) = 4 [pid 5870] mkdir("./128", 0777 [pid 7306] close(3) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 7306] symlink("/dev/binderfs", "./binderfs" [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7306] <... symlink resumed>) = 0 executing program [pid 7306] write(1, "executing program\n", 18 [pid 5870] <... ioctl resumed>) = 0 [pid 7306] <... write resumed>) = 18 [pid 7303] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(3 [pid 7306] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7303] <... futex resumed>) = 1 [pid 7302] <... futex resumed>) = 0 [pid 7303] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7302] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7302] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7306] <... futex resumed>) = 0 [pid 7303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7303] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7306] <... mmap resumed>) = 0x7f701fcf4000 [pid 7306] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7303] <... openat resumed>) = 5 [pid 7306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7303] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7303] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7302] <... futex resumed>) = 0 [pid 7302] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7302] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7305] <... write resumed>) = 2097152 [pid 7306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... close resumed>) = 0 [pid 7303] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7305] munmap(0x7f7017800000, 138412032./strace-static-x86_64: Process 7307 attached ) = 0 [pid 7307] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7306] <... clone3 resumed> => {parent_tid=[267]}, 88) = 267 [pid 7303] <... write resumed>) = 1116 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7307] <... rseq resumed>) = 0 [pid 7306] rt_sigprocmask(SIG_SETMASK, [], [pid 7303] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7307] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7303] <... futex resumed>) = 1 [pid 7302] <... futex resumed>) = 0 [pid 7307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7306] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7303] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7302] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7302] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7308 attached [pid 7307] memfd_create("syzkaller", 0 [pid 7306] <... futex resumed>) = 0 [pid 7303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 271 [pid 7303] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7308] set_robust_list(0x55557616a6a0, 24 [pid 7307] <... memfd_create resumed>) = 3 [pid 7306] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7303] <... mmap resumed>) = 0x200000000000 [pid 7305] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7303] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7305] <... openat resumed>) = 4 [pid 7308] <... set_robust_list resumed>) = 0 [pid 7307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7303] <... futex resumed>) = 1 [pid 7302] <... futex resumed>) = 0 [pid 7303] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7302] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7307] <... mmap resumed>) = 0x7f7017800000 [pid 7302] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7303] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7305] ioctl(4, LOOP_SET_FD, 3 [pid 7308] chdir("./128" [pid 7303] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7303] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7302] <... futex resumed>) = 0 [pid 7302] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7302] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7303] <... futex resumed>) = 0 [pid 7303] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7308] <... chdir resumed>) = 0 [pid 7308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7308] setpgid(0, 0) = 0 [pid 7308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7305] <... ioctl resumed>) = 0 [pid 7308] <... openat resumed>) = 3 [pid 7305] close(3 [pid 7308] write(3, "1000", 4) = 4 [pid 7305] <... close resumed>) = 0 [pid 7305] close(4) = 0 [pid 7305] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7305] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7308] close(3 [pid 7301] +++ killed by SIGSEGV (core dumped) +++ [pid 7300] +++ killed by SIGSEGV (core dumped) +++ [pid 7308] <... close resumed>) = 0 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=265, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- [pid 5872] umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7308] symlink("/dev/binderfs", "./binderfs" [pid 5872] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7308] <... symlink resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5872] newfstatat(3, "", executing program [pid 7308] write(1, "executing program\n", 18 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7308] <... write resumed>) = 18 [pid 7308] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7308] <... futex resumed>) = 0 [ 487.541891][ T7305] loop0: detected capacity change from 0 to 4096 [pid 7308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7308] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7309 attached => {parent_tid=[272]}, 88) = 272 [pid 7308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7309] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7309] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7309] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7308] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7309] <... futex resumed>) = 0 [pid 7308] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7309] memfd_create("syzkaller", 0) = 3 [pid 7309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7307] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7305] <... mount resumed>) = 0 [pid 7305] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7305] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7305] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7304] <... futex resumed>) = 0 [pid 7304] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7304] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7305] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7305] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7304] <... futex resumed>) = 0 [pid 7304] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7304] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7305] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7309] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7305] <... openat resumed>) = 5 [pid 5872] <... umount2 resumed>) = 0 [pid 7307] <... write resumed>) = 2097152 [pid 7305] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7304] <... futex resumed>) = 0 [pid 7304] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7304] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7307] munmap(0x7f7017800000, 138412032 [pid 7305] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7305] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7304] <... futex resumed>) = 0 [pid 7304] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7304] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7305] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7305] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7304] <... futex resumed>) = 0 [pid 7304] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7304] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7307] <... munmap resumed>) = 0 [pid 7305] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7305] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7304] <... futex resumed>) = 0 [pid 7304] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7304] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7305] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 7307] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7307] <... openat resumed>) = 4 [pid 5872] <... rmdir resumed>) = 0 [pid 5872] umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./127/binderfs" [pid 7307] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... unlink resumed>) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./127") = 0 [pid 5872] mkdir("./128", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7309] <... write resumed>) = 2097152 [pid 5872] <... openat resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7307] <... ioctl resumed>) = 0 [pid 7307] close(3) = 0 [pid 7307] close(4) = 0 [pid 7309] munmap(0x7f7017800000, 138412032 [pid 7307] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7309] <... munmap resumed>) = 0 [ 487.758597][ T7307] loop2: detected capacity change from 0 to 4096 [pid 7309] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7307] <... mkdir resumed>) = 0 [pid 7309] <... openat resumed>) = 4 [pid 7307] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7309] close(3) = 0 [pid 7309] close(4) = 0 [pid 7309] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777./strace-static-x86_64: Process 7310 attached [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 267 [pid 7309] <... mkdir resumed>) = 0 [pid 7310] set_robust_list(0x55557616a6a0, 24 [pid 7309] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7310] <... set_robust_list resumed>) = 0 [ 487.841115][ T7309] loop1: detected capacity change from 0 to 4096 [pid 7310] chdir("./128" [pid 7302] <... futex resumed>) = ? [pid 7310] <... chdir resumed>) = 0 [pid 7310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7310] setpgid(0, 0 [pid 7303] +++ killed by SIGSEGV (core dumped) +++ [pid 7302] +++ killed by SIGSEGV (core dumped) +++ [pid 7310] <... setpgid resumed>) = 0 [pid 7310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=266, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 7310] <... openat resumed>) = 3 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7310] write(3, "1000", 4 [pid 5871] <... restart_syscall resumed>) = 0 [pid 7310] <... write resumed>) = 4 [pid 7310] close(3 [pid 5871] umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7310] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7310] symlink("/dev/binderfs", "./binderfs" [pid 5871] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 7310] <... symlink resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 7310] write(1, "executing program\n", 18 [pid 5871] newfstatat(3, "", [pid 7310] <... write resumed>) = 18 [pid 7310] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7310] <... futex resumed>) = 0 [pid 7310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] getdents64(3, [pid 7310] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7310] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7310] <... mprotect resumed>) = 0 [pid 7310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7311 attached [pid 7311] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7310] <... clone3 resumed> => {parent_tid=[268]}, 88) = 268 [pid 7311] <... rseq resumed>) = 0 [pid 7310] rt_sigprocmask(SIG_SETMASK, [], [pid 7311] set_robust_list(0x7f701fd149a0, 24 [pid 7310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7311] <... set_robust_list resumed>) = 0 [pid 7310] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7310] <... futex resumed>) = 0 [pid 7311] memfd_create("syzkaller", 0 [pid 7310] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7311] <... memfd_create resumed>) = 3 [pid 7307] <... mount resumed>) = 0 [pid 7307] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7307] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7304] <... futex resumed>) = ? [pid 7307] <... chdir resumed>) = 0 [pid 7307] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7307] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7307] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7306] <... futex resumed>) = 0 [pid 7306] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7307] <... futex resumed>) = 0 [pid 7306] <... futex resumed>) = 1 [pid 7307] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7306] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7305] +++ killed by SIGSEGV (core dumped) +++ [pid 7304] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=264, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7309] <... mount resumed>) = 0 [pid 7307] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7307] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7306] <... futex resumed>) = 0 [pid 7309] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7307] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7306] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7309] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7306] <... futex resumed>) = 0 [pid 7309] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7307] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7306] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7309] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7309] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7308] <... futex resumed>) = 0 [pid 7307] <... openat resumed>) = 5 [pid 7308] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7307] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7309] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7308] <... futex resumed>) = 0 [pid 7308] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7307] <... futex resumed>) = 1 [pid 7306] <... futex resumed>) = 0 [pid 7306] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7307] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7306] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7309] <... openat resumed>) = 4 [pid 7307] <... write resumed>) = 1116 [pid 7309] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7307] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7309] <... futex resumed>) = 1 [pid 7308] <... futex resumed>) = 0 [pid 7307] <... futex resumed>) = 1 [pid 7306] <... futex resumed>) = 0 [pid 7309] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7308] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7307] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7306] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7308] <... futex resumed>) = 0 [pid 7307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7306] <... futex resumed>) = 0 [pid 7309] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7308] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7307] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7306] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7307] <... mmap resumed>) = 0x200000000000 [pid 7307] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7306] <... futex resumed>) = 0 [pid 7307] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7306] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7306] <... futex resumed>) = 0 [pid 7307] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7306] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7307] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7307] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7306] <... futex resumed>) = 0 [pid 7307] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7306] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7306] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7309] <... openat resumed>) = 5 [pid 7307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... umount2 resumed>) = 0 [pid 7309] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7307] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7309] <... futex resumed>) = 1 [pid 7308] <... futex resumed>) = 0 [pid 7308] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7308] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7309] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7309] <... write resumed>) = 1116 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7309] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, [pid 7309] <... futex resumed>) = 1 [pid 7308] <... futex resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7309] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7308] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] close(4 [pid 7309] <... mmap resumed>) = 0x200000000000 [pid 7308] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7308] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7309] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] unlink("./128/binderfs" [pid 7309] <... futex resumed>) = 1 [pid 7308] <... futex resumed>) = 0 [pid 7309] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7308] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7309] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7308] <... futex resumed>) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, [pid 7309] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7308] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./128") = 0 [pid 5871] mkdir("./129", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7309] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7308] <... futex resumed>) = 0 [pid 7308] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] <... write resumed>) = 2097152 [pid 7309] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7308] <... futex resumed>) = 0 [pid 7311] munmap(0x7f7017800000, 138412032 [pid 5868] <... umount2 resumed>) = 0 [pid 7311] <... munmap resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7311] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7311] <... openat resumed>) = 4 [pid 5871] <... close resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7311] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, executing program ./strace-static-x86_64: Process 7312 attached 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 268 [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x32\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7312] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... rmdir resumed>) = 0 [pid 7312] <... set_robust_list resumed>) = 0 [pid 5868] umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7312] chdir("./129" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7312] <... chdir resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./127/binderfs", [pid 7312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7312] <... prctl resumed>) = 0 [pid 5868] unlink("./127/binderfs" [pid 7312] setpgid(0, 0 [pid 5868] <... unlink resumed>) = 0 [pid 7312] <... setpgid resumed>) = 0 [pid 5868] getdents64(3, [pid 7312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7312] <... openat resumed>) = 3 [pid 5868] close(3 [pid 7312] write(3, "1000", 4 [pid 5868] <... close resumed>) = 0 [pid 7312] <... write resumed>) = 4 [pid 5868] rmdir("./127" [pid 7312] close(3 [pid 5868] <... rmdir resumed>) = 0 [pid 7312] <... close resumed>) = 0 [pid 5868] mkdir("./128", 0777 [pid 7312] symlink("/dev/binderfs", "./binderfs" [pid 5868] <... mkdir resumed>) = 0 [pid 7312] <... symlink resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7312] write(1, "executing program\n", 18 [pid 5868] <... openat resumed>) = 3 [pid 7312] <... write resumed>) = 18 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7312] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... ioctl resumed>) = 0 [pid 7312] <... futex resumed>) = 0 [pid 5868] close(3 [pid 7311] <... ioctl resumed>) = 0 [pid 7311] close(3) = 0 [pid 7312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7311] close(4) = 0 [ 488.207493][ T7311] loop4: detected capacity change from 0 to 4096 [pid 7312] <... mmap resumed>) = 0x7f701fcf4000 [pid 7311] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7312] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7311] <... mkdir resumed>) = 0 [pid 7312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7311] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7313 attached => {parent_tid=[269]}, 88) = 269 [pid 7312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7312] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7313] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7313] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7313] memfd_create("syzkaller", 0) = 3 [pid 7311] <... mount resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7313] <... mmap resumed>) = 0x7f7017800000 [pid 7311] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 266 ./strace-static-x86_64: Process 7314 attached [pid 7314] set_robust_list(0x55557616a6a0, 24 [pid 7311] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7314] <... set_robust_list resumed>) = 0 [pid 7314] chdir("./128" [pid 7311] <... chdir resumed>) = 0 [pid 7311] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7314] <... chdir resumed>) = 0 [pid 7311] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7311] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] setpgid(0, 0) = 0 [pid 7311] <... futex resumed>) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7311] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7310] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7311] <... futex resumed>) = 0 [pid 7310] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7311] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7314] <... openat resumed>) = 3 executing program [pid 7314] write(3, "1000", 4) = 4 [pid 7314] close(3) = 0 [pid 7314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7314] write(1, "executing program\n", 18) = 18 [pid 7314] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7311] <... openat resumed>) = 4 [pid 7314] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7311] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7311] <... futex resumed>) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7314] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7311] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7310] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7315 attached [pid 7313] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7311] <... openat resumed>) = 5 [pid 7310] <... futex resumed>) = 0 [pid 7315] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7314] <... clone3 resumed> => {parent_tid=[267]}, 88) = 267 [pid 7310] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] <... rseq resumed>) = 0 [pid 7314] rt_sigprocmask(SIG_SETMASK, [], [pid 7315] set_robust_list(0x7f701fd149a0, 24 [pid 7314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7315] <... set_robust_list resumed>) = 0 [pid 7314] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7315] rt_sigprocmask(SIG_SETMASK, [], [pid 7314] <... futex resumed>) = 0 [pid 7315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7311] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7315] memfd_create("syzkaller", 0 [pid 7314] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7311] <... futex resumed>) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7311] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7310] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] <... write resumed>) = 1116 [pid 7310] <... futex resumed>) = 0 [pid 7315] <... memfd_create resumed>) = 3 [pid 7310] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7311] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7311] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7310] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] <... mmap resumed>) = 0x200000000000 [pid 7310] <... futex resumed>) = 0 [pid 7311] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7310] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7311] <... futex resumed>) = 0 [pid 7310] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7311] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7310] <... futex resumed>) = 0 [pid 7310] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7311] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7311] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7310] <... futex resumed>) = 0 [pid 7311] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7310] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7313] <... write resumed>) = 2097152 [pid 7315] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7313] munmap(0x7f7017800000, 138412032) = 0 [pid 7315] <... write resumed>) = 2097152 [pid 7313] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7306] <... futex resumed>) = ? [pid 7313] <... openat resumed>) = 4 [pid 7313] ioctl(4, LOOP_SET_FD, 3 [pid 7315] munmap(0x7f7017800000, 138412032) = 0 [pid 7315] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7313] <... ioctl resumed>) = 0 [pid 7307] +++ killed by SIGSEGV (core dumped) +++ [pid 7306] +++ killed by SIGSEGV (core dumped) +++ [pid 7315] <... openat resumed>) = 4 [pid 7313] close(3 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=266, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- [pid 7315] ioctl(4, LOOP_SET_FD, 3 [pid 7313] <... close resumed>) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7313] close(4) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 7313] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7309] +++ killed by SIGSEGV (core dumped) +++ [pid 7308] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7313] <... mkdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7313] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=271, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5869] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7315] <... ioctl resumed>) = 0 [pid 7315] close(3) = 0 [pid 7315] close(4) = 0 [ 488.655576][ T7313] loop3: detected capacity change from 0 to 4096 [ 488.677752][ T7315] loop0: detected capacity change from 0 to 4096 [pid 7315] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7315] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7313] <... mount resumed>) = 0 [pid 7313] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7313] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7313] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7313] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7312] <... futex resumed>) = 0 [pid 7312] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7313] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7312] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7313] <... openat resumed>) = 4 [pid 7313] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7312] <... futex resumed>) = 0 [pid 7312] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7313] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7313] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7312] <... futex resumed>) = 0 [pid 7312] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7313] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7313] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7312] <... futex resumed>) = 0 [pid 7312] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7313] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 5869] <... umount2 resumed>) = 0 [pid 7313] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7312] <... futex resumed>) = 0 [pid 7312] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7313] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7312] <... futex resumed>) = 0 [pid 7313] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7312] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7313] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7312] <... futex resumed>) = 0 [pid 7312] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7312] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7313] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5869] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(4, "", [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./128/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./128") = 0 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] mkdir("./129", 0777 [pid 5870] unlink("./128/binderfs" [pid 7315] <... mount resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 7315] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7315] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 7315] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] ioctl(3, LOOP_CLR_FD [pid 7315] <... chdir resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 7315] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] close(3 [pid 7315] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 7315] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7310] <... futex resumed>) = ? [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("./128" [pid 7315] <... futex resumed>) = 1 [pid 7314] <... futex resumed>) = 0 [pid 7314] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7314] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7311] +++ killed by SIGSEGV (core dumped) +++ [pid 7310] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./129", 0777 [pid 7315] <... openat resumed>) = 4 [pid 7315] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7314] <... futex resumed>) = 0 [pid 7314] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... mkdir resumed>) = 0 [pid 7314] <... futex resumed>) = 0 [pid 7314] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=267, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7315] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... close resumed>) = 0 [pid 7315] <... futex resumed>) = 1 [pid 7314] <... futex resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7315] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7314] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7315] <... write resumed>) = 1116 [pid 7314] <... futex resumed>) = 0 [pid 7315] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7314] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] <... futex resumed>) = 0 [pid 7314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... ioctl resumed>) = 0 [pid 7315] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7314] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] close(3 [pid 7315] <... mmap resumed>) = 0x200000000000 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7314] <... futex resumed>) = 0 [pid 7314] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7314] <... futex resumed>) = 0 [pid 7314] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7314] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7315] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5872] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7316 attached [pid 7316] set_robust_list(0x55557616a6a0, 24 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 268 [pid 7316] <... set_robust_list resumed>) = 0 [pid 7315] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7316] chdir("./129" [pid 7315] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... openat resumed>) = 3 [pid 7315] <... futex resumed>) = 1 [pid 7314] <... futex resumed>) = 0 [pid 7315] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7314] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7316] <... chdir resumed>) = 0 [pid 7316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7316] setpgid(0, 0) = 0 [pid 7316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7316] write(3, "1000", 4 [pid 5872] newfstatat(3, "", [pid 7316] <... write resumed>) = 4 [pid 7316] close(3) = 0 [pid 7316] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7316] write(1, "executing program\n", 18) = 18 [pid 7316] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7316] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7317 attached => {parent_tid=[269]}, 88) = 269 [pid 7316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7316] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7317] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7316] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7317] <... rseq resumed>) = 0 [pid 7317] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 5872] getdents64(3, [pid 7317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7317] memfd_create("syzkaller", 0 [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7318 attached [pid 7317] <... memfd_create resumed>) = 3 [pid 7318] set_robust_list(0x55557616a6a0, 24 [pid 7317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 273 [pid 7317] <... mmap resumed>) = 0x7f7017800000 [pid 7318] <... set_robust_list resumed>) = 0 [pid 7318] chdir("./129") = 0 [pid 7318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7318] setpgid(0, 0) = 0 [pid 7318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7318] write(3, "1000", 4) = 4 [pid 7318] close(3) = 0 [pid 7318] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7318] write(1, "executing program\n", 18) = 18 [pid 7317] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7318] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7318] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[274]}, 88) = 274 ./strace-static-x86_64: Process 7319 attached [pid 7318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7319] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7318] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7319] <... rseq resumed>) = 0 [pid 7318] <... futex resumed>) = 0 [pid 7319] set_robust_list(0x7f701fd149a0, 24 [pid 7318] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7319] <... set_robust_list resumed>) = 0 [pid 7319] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... umount2 resumed>) = 0 [pid 7319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7319] memfd_create("syzkaller", 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7319] <... memfd_create resumed>) = 3 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7317] <... write resumed>) = 2097152 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7317] munmap(0x7f7017800000, 138412032) = 0 [pid 7312] <... futex resumed>) = ? [pid 5872] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7317] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7317] <... openat resumed>) = 4 [pid 7317] ioctl(4, LOOP_SET_FD, 3 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7313] +++ killed by SIGSEGV (core dumped) +++ [pid 7312] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=268, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7319] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7317] <... ioctl resumed>) = 0 [pid 5872] newfstatat(4, "", [pid 5871] <... restart_syscall resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7317] close(3 [pid 5871] umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7317] <... close resumed>) = 0 [pid 5872] getdents64(4, [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7317] close(4 [pid 5872] getdents64(4, [pid 5871] <... openat resumed>) = 3 [pid 7317] <... close resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] newfstatat(3, "", [pid 7317] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5872] close(4 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... close resumed>) = 0 [pid 5871] getdents64(3, [pid 5872] rmdir("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7317] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] <... rmdir resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 489.304728][ T7317] loop2: detected capacity change from 0 to 4096 [pid 5872] newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./128/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./128") = 0 [pid 5872] mkdir("./129", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7319] <... write resumed>) = 2097152 [pid 7319] munmap(0x7f7017800000, 138412032) = 0 [pid 7314] <... futex resumed>) = ? [pid 5872] <... close resumed>) = 0 [pid 7319] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7319] <... openat resumed>) = 4 [pid 7319] ioctl(4, LOOP_SET_FD, 3 [pid 7315] +++ killed by SIGSEGV (core dumped) +++ [pid 7314] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=266, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5868] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5868] umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7319] <... ioctl resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 269 [pid 7319] close(3./strace-static-x86_64: Process 7320 attached ) = 0 [pid 7317] <... mount resumed>) = 0 [pid 7317] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7319] close(4) = 0 [pid 7319] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7319] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7320] set_robust_list(0x55557616a6a0, 24) = 0 [ 489.462139][ T7319] loop1: detected capacity change from 0 to 4096 [pid 7320] chdir("./129" [pid 7317] <... openat resumed>) = 3 [pid 5871] <... umount2 resumed>) = 0 [pid 7320] <... chdir resumed>) = 0 [pid 7320] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7317] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7320] <... prctl resumed>) = 0 [pid 7317] <... chdir resumed>) = 0 [pid 7317] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7320] setpgid(0, 0 [pid 7317] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7320] <... setpgid resumed>) = 0 [pid 7317] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7317] <... futex resumed>) = 1 [pid 7320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7317] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7316] <... futex resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7320] <... openat resumed>) = 3 [pid 7317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7316] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7316] <... futex resumed>) = 0 [pid 7317] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7316] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7320] write(3, "1000", 4 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7320] <... write resumed>) = 4 [pid 5871] <... openat resumed>) = 4 [pid 7320] close(3 [pid 5871] newfstatat(4, "", [pid 7320] <... close resumed>) = 0 [pid 7320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 executing program [pid 7320] write(1, "executing program\n", 18 [pid 5871] getdents64(4, [pid 7320] <... write resumed>) = 18 [pid 7320] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7320] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7320] <... mprotect resumed>) = 0 [pid 7320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7321 attached [pid 7317] <... openat resumed>) = 4 [pid 7320] <... clone3 resumed> => {parent_tid=[270]}, 88) = 270 [pid 7320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7320] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7321] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7320] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7321] <... rseq resumed>) = 0 [pid 7321] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7317] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] close(4) = 0 [pid 7321] rt_sigprocmask(SIG_SETMASK, [], [pid 7317] <... futex resumed>) = 1 [pid 7316] <... futex resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7317] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7316] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7321] memfd_create("syzkaller", 0 [pid 7317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7316] <... futex resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 7316] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7317] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5871] umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7321] <... memfd_create resumed>) = 3 [pid 7321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7317] <... openat resumed>) = 5 [pid 5871] newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7317] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] unlink("./129/binderfs" [pid 7317] <... futex resumed>) = 1 [pid 7316] <... futex resumed>) = 0 [pid 7316] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7317] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7316] <... futex resumed>) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 7317] <... write resumed>) = 1116 [pid 7316] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] getdents64(3, [pid 7317] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7317] <... futex resumed>) = 1 [pid 7316] <... futex resumed>) = 0 [pid 5871] close(3 [pid 7317] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7316] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7316] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./129" [pid 7317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... rmdir resumed>) = 0 [pid 7317] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5871] mkdir("./130", 0777) = 0 [pid 7317] <... mmap resumed>) = 0x200000000000 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7317] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = 0 [pid 7317] <... futex resumed>) = 1 [pid 7316] <... futex resumed>) = 0 [pid 7316] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7317] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7316] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 7316] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7317] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 7317] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] close(3 [pid 7317] <... futex resumed>) = 1 [pid 7316] <... futex resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7317] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7316] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7317] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7319] <... mount resumed>) = 0 [pid 7319] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7319] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5868] <... openat resumed>) = 4 [pid 7319] <... chdir resumed>) = 0 [pid 7319] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] newfstatat(4, "", [pid 7319] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7319] <... futex resumed>) = 1 [pid 7319] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7318] <... futex resumed>) = 0 [pid 5868] getdents64(4, [pid 7318] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7318] <... futex resumed>) = 1 [pid 5868] getdents64(4, [pid 7319] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7318] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x32\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7319] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7319] <... openat resumed>) = 4 [pid 5868] newfstatat(AT_FDCWD, "./128/binderfs", [pid 7319] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7321] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7319] <... futex resumed>) = 1 [pid 7318] <... futex resumed>) = 0 [pid 5868] unlink("./128/binderfs" [pid 7318] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7318] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7319] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] <... unlink resumed>) = 0 [pid 7319] <... openat resumed>) = 5 [pid 5871] <... close resumed>) = 0 [pid 5868] getdents64(3, [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 7322 attached [pid 7319] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(3 [pid 7319] <... futex resumed>) = 1 [pid 5868] <... close resumed>) = 0 [pid 7318] <... futex resumed>) = 0 [pid 7319] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7322] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7322] chdir("./130") = 0 [pid 7318] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 270 [pid 5868] rmdir("./128" [pid 7322] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7318] <... futex resumed>) = 1 [pid 5868] <... rmdir resumed>) = 0 [pid 7318] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] mkdir("./129", 0777 [pid 7322] <... prctl resumed>) = 0 [pid 7322] setpgid(0, 0 [pid 5868] <... mkdir resumed>) = 0 [pid 7322] <... setpgid resumed>) = 0 [pid 7322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7319] <... futex resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7322] <... openat resumed>) = 3 [pid 7319] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5868] <... openat resumed>) = 3 [pid 7322] write(3, "1000", 4 [pid 7319] <... write resumed>) = 1116 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7322] <... write resumed>) = 4 [pid 7319] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... ioctl resumed>) = 0 [pid 7322] close(3 [pid 5868] close(3 [pid 7322] <... close resumed>) = 0 [pid 7319] <... futex resumed>) = 1 [pid 7322] symlink("/dev/binderfs", "./binderfs" [pid 7319] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7322] <... symlink resumed>) = 0 [pid 7318] <... futex resumed>) = 0 [pid 7318] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7322] write(1, "executing program\n", 18 [pid 7319] <... futex resumed>) = 0 executing program [pid 7318] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7322] <... write resumed>) = 18 [pid 7319] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7322] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7319] <... mmap resumed>) = 0x200000000000 [pid 7322] <... futex resumed>) = 0 [pid 7319] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 7322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7319] <... futex resumed>) = 1 [pid 7322] <... mmap resumed>) = 0x7f701fcf4000 [pid 7319] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7322] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7318] <... futex resumed>) = 0 [pid 7318] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7322] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7319] <... futex resumed>) = 0 [pid 7318] <... futex resumed>) = 1 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7318] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7319] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7322] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7319] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7319] <... futex resumed>) = 1 [pid 7318] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7323 attached [pid 7319] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7318] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7318] <... futex resumed>) = 0 [pid 7319] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7322] <... clone3 resumed> => {parent_tid=[271]}, 88) = 271 [pid 7322] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7324 attached [pid 7323] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7323] <... rseq resumed>) = 0 [pid 7322] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7322] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7324] set_robust_list(0x55557616a6a0, 24 [pid 7323] set_robust_list(0x7f701fd149a0, 24 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 268 [pid 7324] <... set_robust_list resumed>) = 0 [pid 7323] <... set_robust_list resumed>) = 0 [pid 7321] <... write resumed>) = 2097152 [pid 7321] munmap(0x7f7017800000, 138412032 [pid 7324] chdir("./129" [pid 7323] rt_sigprocmask(SIG_SETMASK, [], [pid 7324] <... chdir resumed>) = 0 [pid 7323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7321] <... munmap resumed>) = 0 [pid 7324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7324] setpgid(0, 0) = 0 [pid 7324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7323] memfd_create("syzkaller", 0 [pid 7324] <... openat resumed>) = 3 [pid 7323] <... memfd_create resumed>) = 3 [pid 7323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7324] write(3, "1000", 4) = 4 [pid 7323] <... mmap resumed>) = 0x7f7017800000 [pid 7321] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7324] close(3) = 0 [pid 7321] <... openat resumed>) = 4 [pid 7324] symlink("/dev/binderfs", "./binderfs" [pid 7321] ioctl(4, LOOP_SET_FD, 3 [pid 7324] <... symlink resumed>) = 0 executing program [pid 7324] write(1, "executing program\n", 18) = 18 [pid 7324] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7324] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7321] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7325 attached [pid 7321] close(3 [pid 7324] <... clone3 resumed> => {parent_tid=[269]}, 88) = 269 [pid 7321] <... close resumed>) = 0 [pid 7325] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7324] rt_sigprocmask(SIG_SETMASK, [], [pid 7321] close(4 [pid 7325] <... rseq resumed>) = 0 [pid 7324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7321] <... close resumed>) = 0 [pid 7325] set_robust_list(0x7f701fd149a0, 24 [pid 7324] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7325] <... set_robust_list resumed>) = 0 [pid 7324] <... futex resumed>) = 0 [pid 7325] rt_sigprocmask(SIG_SETMASK, [], [pid 7324] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7325] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 489.851757][ T7321] loop4: detected capacity change from 0 to 4096 [pid 7325] memfd_create("syzkaller", 0 [pid 7321] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7323] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7325] <... memfd_create resumed>) = 3 [pid 7321] <... mkdir resumed>) = 0 [pid 7325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7321] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7316] <... futex resumed>) = ? [pid 7321] <... mount resumed>) = 0 [pid 7321] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7321] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7321] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7321] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7320] <... futex resumed>) = 0 [pid 7321] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7320] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7320] <... futex resumed>) = 0 [pid 7321] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7320] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7323] <... write resumed>) = 2097152 [pid 7321] <... openat resumed>) = 4 [pid 7317] +++ killed by SIGSEGV (core dumped) +++ [pid 7316] +++ killed by SIGSEGV (core dumped) +++ [pid 7321] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7320] <... futex resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=268, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 7320] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7320] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7325] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7323] munmap(0x7f7017800000, 138412032 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7321] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7323] <... munmap resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 7321] <... openat resumed>) = 5 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 7321] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7321] <... futex resumed>) = 1 [pid 7320] <... futex resumed>) = 0 [pid 7321] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7320] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7320] <... futex resumed>) = 0 [pid 7321] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7320] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7323] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7321] <... write resumed>) = 1116 [pid 7323] <... openat resumed>) = 4 [pid 7323] ioctl(4, LOOP_SET_FD, 3 [pid 7321] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7320] <... futex resumed>) = 0 [pid 7321] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7320] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7321] <... mmap resumed>) = 0x200000000000 [pid 7320] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7321] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] <... ioctl resumed>) = 0 [pid 7321] <... futex resumed>) = 1 [pid 7320] <... futex resumed>) = 0 [pid 7325] <... write resumed>) = 2097152 [pid 7323] close(3 [pid 7321] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7320] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] <... close resumed>) = 0 [pid 7323] close(4) = 0 [pid 7320] <... futex resumed>) = 0 [pid 7323] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7323] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7321] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7320] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7321] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7320] <... futex resumed>) = 0 [pid 7321] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7320] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [ 490.062822][ T7323] loop3: detected capacity change from 0 to 4096 [pid 7325] munmap(0x7f7017800000, 138412032) = 0 [pid 7319] +++ killed by SIGSEGV (core dumped) +++ [pid 7318] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=273, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 5870] umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7325] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7325] <... openat resumed>) = 4 [pid 5870] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7325] close(3) = 0 [pid 7325] close(4) = 0 [pid 7325] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 490.147933][ T7325] loop0: detected capacity change from 0 to 4096 [pid 7325] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./129/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./129") = 0 [pid 5869] mkdir("./130", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7323] <... mount resumed>) = 0 [pid 7323] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7323] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7323] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7323] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7323] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7322] <... futex resumed>) = 0 [pid 7322] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7325] <... mount resumed>) = 0 [pid 7325] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7325] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7323] <... futex resumed>) = 0 [pid 7322] <... futex resumed>) = 1 [pid 7325] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7323] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] <... umount2 resumed>) = 0 [pid 7322] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7325] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7325] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7324] <... futex resumed>) = 0 [pid 7324] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7325] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7323] <... openat resumed>) = 4 [pid 5869] <... close resumed>) = 0 [pid 7325] <... openat resumed>) = 4 [pid 7323] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7325] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7323] <... futex resumed>) = 1 [pid 7322] <... futex resumed>) = 0 [pid 7325] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7323] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7322] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7322] <... futex resumed>) = 0 [pid 7324] <... futex resumed>) = 0 [pid 7323] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7322] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7324] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7324] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7325] <... futex resumed>) = 0 [pid 7323] <... openat resumed>) = 5 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7325] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7323] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7323] <... futex resumed>) = 1 [pid 7322] <... futex resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 7322] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7325] <... openat resumed>) = 5 [pid 7322] <... futex resumed>) = 0 [pid 5870] unlink("./129/binderfs" [pid 7323] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 270 [pid 7322] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7326 attached [pid 7325] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7324] <... futex resumed>) = 0 [pid 7323] <... write resumed>) = 1116 [pid 5870] <... unlink resumed>) = 0 [pid 7326] set_robust_list(0x55557616a6a0, 24 [pid 7325] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7324] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7326] <... set_robust_list resumed>) = 0 [pid 7325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7324] <... futex resumed>) = 0 [pid 7323] <... futex resumed>) = 1 [pid 7322] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7325] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7324] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7323] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7322] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7326] chdir("./130" [pid 7325] <... write resumed>) = 1116 [pid 7323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7322] <... futex resumed>) = 0 [pid 5870] close(3 [pid 7326] <... chdir resumed>) = 0 [pid 7325] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7322] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 7326] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7325] <... futex resumed>) = 1 [pid 7324] <... futex resumed>) = 0 [pid 7323] <... mmap resumed>) = 0x200000000000 [pid 5870] rmdir("./129" [pid 7326] <... prctl resumed>) = 0 [pid 7325] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7324] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rmdir resumed>) = 0 [pid 7326] setpgid(0, 0 [pid 7325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7324] <... futex resumed>) = 0 [pid 7323] <... futex resumed>) = 1 [pid 7322] <... futex resumed>) = 0 [pid 7326] <... setpgid resumed>) = 0 [pid 7325] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7324] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7323] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7322] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] mkdir("./130", 0777 [pid 7325] <... mmap resumed>) = 0x200000000000 [pid 7323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7322] <... futex resumed>) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 7326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7325] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7322] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7326] write(3, "1000", 4 [pid 7325] <... futex resumed>) = 1 [pid 7324] <... futex resumed>) = 0 [pid 7323] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] <... openat resumed>) = 3 [pid 7326] <... write resumed>) = 4 [pid 7325] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7324] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7320] <... futex resumed>) = ? [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7326] close(3 [pid 7325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7324] <... futex resumed>) = 0 [pid 7323] <... futex resumed>) = 1 [pid 7322] <... futex resumed>) = 0 [pid 5870] <... ioctl resumed>) = 0 [pid 7325] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7324] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7323] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7322] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(3 [pid 7325] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7322] <... futex resumed>) = 0 [pid 7326] <... close resumed>) = 0 [pid 7325] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7322] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7326] symlink("/dev/binderfs", "./binderfs" [pid 7325] <... futex resumed>) = 1 [pid 7324] <... futex resumed>) = 0 [pid 7323] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7324] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7324] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7325] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7326] <... symlink resumed>) = 0 [pid 7326] write(1, "executing program\n", 18 [pid 7321] +++ killed by SIGSEGV (core dumped) +++ [pid 7320] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=269, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=21 /* 0.21 s */} --- executing program [pid 7326] <... write resumed>) = 18 [pid 7326] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7326] <... mmap resumed>) = 0x7f701fcf4000 [pid 7326] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7326] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5870] <... close resumed>) = 0 ./strace-static-x86_64: Process 7327 attached [pid 7326] <... clone3 resumed> => {parent_tid=[271]}, 88) = 271 [pid 7327] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7326] rt_sigprocmask(SIG_SETMASK, [], [pid 7327] <... rseq resumed>) = 0 [pid 7327] set_robust_list(0x7f701fd149a0, 24 [pid 7326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7327] <... set_robust_list resumed>) = 0 [pid 7327] rt_sigprocmask(SIG_SETMASK, [], [pid 7326] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7326] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7328 attached [pid 7327] memfd_create("syzkaller", 0 [pid 7326] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7327] <... memfd_create resumed>) = 3 [pid 7328] set_robust_list(0x55557616a6a0, 24 [pid 7327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7328] <... set_robust_list resumed>) = 0 [pid 7327] <... mmap resumed>) = 0x7f7017800000 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 275 [pid 7328] chdir("./130") = 0 [pid 7328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7328] setpgid(0, 0) = 0 [pid 7328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7328] write(3, "1000", 4) = 4 [pid 7328] close(3) = 0 [pid 7328] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7328] write(1, "executing program\n", 18) = 18 [pid 7328] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7327] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7328] <... mmap resumed>) = 0x7f701fcf4000 [pid 7328] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7329 attached [pid 7329] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7328] <... clone3 resumed> => {parent_tid=[276]}, 88) = 276 [pid 7329] <... rseq resumed>) = 0 [pid 7328] rt_sigprocmask(SIG_SETMASK, [], [pid 7329] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7329] rt_sigprocmask(SIG_SETMASK, [], [pid 7328] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7328] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7329] memfd_create("syzkaller", 0) = 3 [pid 7329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... umount2 resumed>) = 0 [pid 7329] <... mmap resumed>) = 0x7f7017800000 [pid 5872] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7327] <... write resumed>) = 2097152 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./129/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./129") = 0 [pid 5872] mkdir("./130", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7329] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7327] munmap(0x7f7017800000, 138412032) = 0 [pid 7327] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] <... close resumed>) = 0 [pid 7327] <... openat resumed>) = 4 [pid 7327] ioctl(4, LOOP_SET_FD, 3 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7330 attached [pid 7330] set_robust_list(0x55557616a6a0, 24 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 271 [pid 7330] <... set_robust_list resumed>) = 0 [pid 7330] chdir("./130") = 0 [pid 7330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7330] setpgid(0, 0) = 0 [pid 7327] <... ioctl resumed>) = 0 [pid 7330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7330] write(3, "1000", 4) = 4 [pid 7330] close(3) = 0 [pid 7330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7327] close(3 [pid 7322] <... futex resumed>) = ? [pid 7327] <... close resumed>) = 0 [pid 7327] close(4) = 0 [ 490.817616][ T7327] loop2: detected capacity change from 0 to 4096 executing program [pid 7327] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7330] write(1, "executing program\n", 18 [pid 7327] <... mkdir resumed>) = 0 [pid 7324] <... futex resumed>) = ? [pid 7330] <... write resumed>) = 18 [pid 7330] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7327] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7330] <... futex resumed>) = 0 [pid 7330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7330] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7331 attached => {parent_tid=[272]}, 88) = 272 [pid 7330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7331] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7330] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7331] <... rseq resumed>) = 0 [pid 7330] <... futex resumed>) = 0 [pid 7331] set_robust_list(0x7f701fd149a0, 24 [pid 7330] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7325] +++ killed by SIGSEGV (core dumped) +++ [pid 7324] +++ killed by SIGSEGV (core dumped) +++ [pid 7329] <... write resumed>) = 2097152 [pid 7323] +++ killed by SIGSEGV (core dumped) +++ [pid 7322] +++ killed by SIGSEGV (core dumped) +++ [pid 7331] <... set_robust_list resumed>) = 0 [pid 7329] munmap(0x7f7017800000, 138412032 [pid 7331] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=270, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=268, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [pid 7331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7331] memfd_create("syzkaller", 0 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5871] umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7331] <... memfd_create resumed>) = 3 [pid 7329] <... munmap resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(3, "", [pid 5868] openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7331] <... mmap resumed>) = 0x7f7017800000 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] newfstatat(3, "", [pid 5871] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7329] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7329] <... openat resumed>) = 4 [pid 7329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7329] close(3) = 0 [pid 7329] close(4) = 0 [pid 7329] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 490.942986][ T7329] loop1: detected capacity change from 0 to 4096 [pid 7329] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7331] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7327] <... mount resumed>) = 0 [pid 7327] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7327] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7327] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7327] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7326] <... futex resumed>) = 0 [pid 7327] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7326] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7326] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7327] <... openat resumed>) = 4 [pid 7327] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7326] <... futex resumed>) = 0 [pid 7327] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7326] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7327] <... openat resumed>) = 5 [pid 7326] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7327] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7326] <... futex resumed>) = 0 [pid 7326] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7327] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7326] <... futex resumed>) = 0 [pid 7326] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7327] <... write resumed>) = 1116 [pid 7327] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... umount2 resumed>) = 0 [pid 7326] <... futex resumed>) = 0 [pid 7327] <... futex resumed>) = 1 [pid 7326] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7327] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7326] <... futex resumed>) = 0 [pid 7327] <... mmap resumed>) = 0x200000000000 [pid 7326] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7327] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", [pid 7331] <... write resumed>) = 2097152 [pid 7329] <... mount resumed>) = 0 [pid 7327] <... futex resumed>) = 1 [pid 7326] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7329] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7327] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7326] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7326] <... futex resumed>) = 0 [pid 7329] <... openat resumed>) = 3 [pid 7327] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7326] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] getdents64(4, [pid 7329] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7327] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7329] <... chdir resumed>) = 0 [pid 7327] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7329] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7327] <... futex resumed>) = 1 [pid 7326] <... futex resumed>) = 0 [pid 5868] getdents64(4, [pid 7329] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7327] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7326] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7329] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7331] munmap(0x7f7017800000, 138412032 [pid 5868] close(4 [pid 7329] <... futex resumed>) = 1 [pid 7328] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x32\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7328] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./129/binderfs" [pid 5871] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... unlink resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] getdents64(3, [pid 7328] <... futex resumed>) = 0 [pid 7329] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7328] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] close(3 [pid 5871] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] rmdir("./129" [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... rmdir resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5868] mkdir("./130", 0777 [pid 5871] newfstatat(4, "", [pid 5868] <... mkdir resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 7331] <... munmap resumed>) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 7331] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] close(3 [pid 7331] <... openat resumed>) = 4 [pid 7331] ioctl(4, LOOP_SET_FD, 3 [pid 5871] getdents64(4, [pid 7331] <... ioctl resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./130/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./130") = 0 [pid 5871] mkdir("./131", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7329] <... openat resumed>) = 4 [pid 5871] <... ioctl resumed>) = 0 [pid 7329] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7328] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] close(3 [pid 5868] <... close resumed>) = 0 [pid 7329] <... futex resumed>) = 0 [pid 7328] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7329] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7328] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7331] close(3) = 0 [pid 7331] close(4) = 0 [pid 7331] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7331] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7329] <... openat resumed>) = 5 [ 491.147389][ T7331] loop4: detected capacity change from 0 to 4096 ./strace-static-x86_64: Process 7332 attached [pid 7329] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] set_robust_list(0x55557616a6a0, 24 [pid 7329] <... futex resumed>) = 1 [pid 7328] <... futex resumed>) = 0 [pid 7328] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7329] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7328] <... futex resumed>) = 0 [pid 7332] <... set_robust_list resumed>) = 0 [pid 7329] <... write resumed>) = 1116 [pid 7328] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 270 [pid 7332] chdir("./130" [pid 7329] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7328] <... futex resumed>) = 0 [pid 7328] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] <... chdir resumed>) = 0 [pid 7329] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7328] <... futex resumed>) = 0 [pid 7332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7328] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7332] <... prctl resumed>) = 0 [pid 7332] setpgid(0, 0) = 0 [pid 7332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7332] write(3, "1000", 4) = 4 [pid 7332] close(3) = 0 [pid 7332] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7332] write(1, "executing program\n", 18) = 18 [pid 7332] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7329] <... mmap resumed>) = 0x200000000000 [pid 7332] <... futex resumed>) = 0 [pid 7329] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7329] <... futex resumed>) = 1 [pid 7328] <... futex resumed>) = 0 [pid 7332] <... mmap resumed>) = 0x7f701fcf4000 [pid 7329] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7328] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7328] <... futex resumed>) = 0 [pid 7332] <... mprotect resumed>) = 0 [pid 7329] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7328] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7332] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7329] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7332] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] <... close resumed>) = 0 [pid 7332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7333 attached [pid 7329] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] <... clone3 resumed> => {parent_tid=[271]}, 88) = 271 [pid 7333] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7332] rt_sigprocmask(SIG_SETMASK, [], [pid 7329] <... futex resumed>) = 1 [pid 7328] <... futex resumed>) = 0 [pid 7333] <... rseq resumed>) = 0 [pid 7332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7333] set_robust_list(0x7f701fd149a0, 24 [pid 7332] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7333] <... set_robust_list resumed>) = 0 [pid 7332] <... futex resumed>) = 0 [pid 7333] rt_sigprocmask(SIG_SETMASK, [], [pid 7332] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7329] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7328] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7333] memfd_create("syzkaller", 0) = 3 [pid 7333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7334 attached , child_tidptr=0x55557616a690) = 272 [pid 7334] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7334] chdir("./131") = 0 [pid 7334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7334] setpgid(0, 0) = 0 [pid 7334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7334] write(3, "1000", 4) = 4 [pid 7334] close(3) = 0 [pid 7334] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7334] write(1, "executing program\n", 18) = 18 [pid 7334] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7334] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7335 attached => {parent_tid=[273]}, 88) = 273 [pid 7335] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7334] rt_sigprocmask(SIG_SETMASK, [], [pid 7335] <... rseq resumed>) = 0 [pid 7334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7335] set_robust_list(0x7f701fd149a0, 24 [pid 7334] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7335] <... set_robust_list resumed>) = 0 [pid 7334] <... futex resumed>) = 0 [pid 7334] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7335] memfd_create("syzkaller", 0) = 3 [pid 7333] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7331] <... mount resumed>) = 0 [pid 7331] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7331] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7331] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7331] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7335] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7333] <... write resumed>) = 2097152 [pid 7331] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7330] <... futex resumed>) = 0 [pid 7330] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7331] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7333] munmap(0x7f7017800000, 138412032) = 0 [pid 7333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7333] ioctl(4, LOOP_SET_FD, 3 [pid 7331] <... openat resumed>) = 4 [pid 7330] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7331] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7331] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7330] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7330] <... futex resumed>) = 0 [pid 7331] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7330] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7331] <... openat resumed>) = 5 [pid 7333] <... ioctl resumed>) = 0 [pid 7331] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7330] <... futex resumed>) = 0 [pid 7330] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7333] close(3) = 0 [pid 7333] close(4) = 0 [pid 7333] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7333] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7331] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7331] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7330] <... futex resumed>) = 0 [pid 7330] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7331] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7331] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7330] <... futex resumed>) = 0 [ 491.498414][ T7333] loop0: detected capacity change from 0 to 4096 [pid 7330] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7330] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7335] <... write resumed>) = 2097152 [pid 7331] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7335] munmap(0x7f7017800000, 138412032 [pid 7331] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7335] <... munmap resumed>) = 0 [pid 7331] <... futex resumed>) = 1 [pid 7330] <... futex resumed>) = 0 [pid 7326] <... futex resumed>) = ? [pid 7331] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7330] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7330] <... futex resumed>) = 0 [pid 7331] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7330] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7335] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7327] +++ killed by SIGSEGV (core dumped) +++ [pid 7326] +++ killed by SIGSEGV (core dumped) +++ [pid 7335] <... openat resumed>) = 4 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=270, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 7335] ioctl(4, LOOP_SET_FD, 3 [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7335] <... ioctl resumed>) = 0 [pid 7335] close(3) = 0 [pid 7335] close(4) = 0 [pid 7335] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 491.608155][ T7335] loop3: detected capacity change from 0 to 4096 [pid 7335] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7328] <... futex resumed>) = ? [pid 7329] +++ killed by SIGSEGV (core dumped) +++ [pid 7328] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=275, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 7333] <... mount resumed>) = 0 [pid 7333] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7333] <... openat resumed>) = 3 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7333] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7333] <... chdir resumed>) = 0 [pid 7333] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] <... openat resumed>) = 3 [pid 7333] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] newfstatat(3, "", [pid 7333] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7333] <... futex resumed>) = 1 [pid 5870] getdents64(3, [pid 7333] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7332] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7332] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7333] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7332] <... futex resumed>) = 0 [pid 7332] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7333] <... openat resumed>) = 4 [pid 7333] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7332] <... futex resumed>) = 0 [pid 7332] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7332] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7333] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7333] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7332] <... futex resumed>) = 0 [pid 7332] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7333] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7332] <... futex resumed>) = 0 [pid 7333] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7332] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = 0 [pid 7332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7333] <... futex resumed>) = 0 [pid 7332] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7333] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7332] <... futex resumed>) = 0 [pid 7333] <... mmap resumed>) = 0x200000000000 [pid 7332] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7333] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7333] <... futex resumed>) = 1 [pid 7333] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7332] <... futex resumed>) = 0 [pid 7332] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7333] <... futex resumed>) = 0 [pid 7332] <... futex resumed>) = 1 [pid 7333] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7332] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7333] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7333] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7332] <... futex resumed>) = 0 [pid 7332] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7332] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7333] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7335] <... mount resumed>) = 0 [pid 7335] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", [pid 7335] <... openat resumed>) = 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7335] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5869] getdents64(4, [pid 7335] <... chdir resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 7335] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... close resumed>) = 0 [pid 7335] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] rmdir("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7335] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7335] <... futex resumed>) = 1 [pid 5870] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7335] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./130/binderfs", [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7334] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7334] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] unlink("./130/binderfs" [pid 7334] <... futex resumed>) = 1 [pid 7334] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7335] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... unlink resumed>) = 0 [pid 5869] getdents64(3, [pid 7335] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] <... openat resumed>) = 4 [pid 5869] close(3 [pid 5870] newfstatat(4, "", [pid 5869] <... close resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] rmdir("./130") = 0 [pid 5869] mkdir("./131", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] getdents64(4, [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4 [pid 7334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7334] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7334] <... futex resumed>) = 0 [pid 7334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcd3000 [pid 5870] rmdir("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7334] mprotect(0x7f701fcd4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fcf3990, parent_tid=0x7f701fcf3990, exit_signal=0, stack=0x7f701fcd3000, stack_size=0x20300, tls=0x7f701fcf36c0} => {parent_tid=[274]}, 88) = 274 [pid 7334] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 7336 attached [pid 7336] rseq(0x7f701fcf3fe0, 0x20, 0, 0x53053053 [pid 7334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7334] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7334] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7336] <... rseq resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./130/binderfs", [pid 7336] set_robust_list(0x7f701fcf39a0, 24) = 0 [pid 7336] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7335] <... openat resumed>) = 4 [pid 7336] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7335] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] unlink("./130/binderfs" [pid 7335] <... futex resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 7335] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./130") = 0 [pid 5870] mkdir("./131", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7334] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7335] <... futex resumed>) = 0 [pid 7334] <... futex resumed>) = 1 [pid 7335] write(-1, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7334] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7335] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 7335] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7334] <... futex resumed>) = 0 [pid 7335] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, -1, 0 [pid 7334] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7335] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 7334] <... futex resumed>) = 0 [pid 7335] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7334] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7335] <... futex resumed>) = 0 [pid 7334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7335] ioctl(4, FS_IOC_FIEMAP, {fm_start=8386112019190083683, fm_length=6925037769141310720, fm_flags=FIEMAP_FLAG_SYNC|0x46815928, fm_extent_count=3171790145} [pid 7334] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7335] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 7334] <... futex resumed>) = 0 [pid 7335] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7334] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7335] <... futex resumed>) = 0 [pid 7334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7335] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000 [pid 7334] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7334] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7336] <... openat resumed>) = 5 [pid 5870] <... openat resumed>) = 3 [pid 7336] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7335] <... open resumed>) = 6 [pid 7335] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7336] <... futex resumed>) = 0 [pid 7335] <... futex resumed>) = 1 [pid 7334] <... futex resumed>) = 0 [pid 7336] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7334] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... ioctl resumed>) = 0 [pid 7334] <... futex resumed>) = 0 [pid 7334] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7335] truncate("./bus", 7) = 0 [pid 5870] close(3 [pid 5869] <... close resumed>) = 0 [pid 7330] <... futex resumed>) = ? [pid 7331] +++ killed by SIGSEGV (core dumped) +++ [pid 7330] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=271, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 7335] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7334] futex(0x7f702060d6f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7335] <... futex resumed>) = 0 [pid 7334] <... futex resumed>) = 1 [pid 7335] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7334] futex(0x7f702060d6fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7336] <... futex resumed>) = 0 [pid 5872] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 7337 attached [pid 7336] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC, 0357 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 272 [pid 5872] umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 492.049458][ T30] audit: type=1800 audit(1749889909.398:2): pid=7335 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor330" name="bus" dev="loop3" ino=35 res=0 errno=0 [pid 5872] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [ 492.109105][ T7336] [ 492.111516][ T7336] ====================================================== [ 492.118569][ T7336] WARNING: possible circular locking dependency detected [ 492.125975][ T7336] 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 Not tainted [ 492.133176][ T7336] ------------------------------------------------------ [ 492.140216][ T7336] syz-executor330/7336 is trying to acquire lock: [ 492.146723][ T7336] ffff888070db7680 (&ni->ni_lock#3/5){+.+.}-{4:4}, at: ntfs_read_folio+0xba/0x200 [ 492.156030][ T7336] [ 492.156030][ T7336] but task is already holding lock: [ 492.163403][ T7336] ffff888070db7ab8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: filemap_get_pages+0xc29/0x1ea0 [ 492.173792][ T7336] [ 492.173792][ T7336] which lock already depends on the new lock. [ 492.173792][ T7336] [ 492.184215][ T7336] [ 492.184215][ T7336] the existing dependency chain (in reverse order) is: [ 492.193240][ T7336] [ 492.193240][ T7336] -> #2 (mapping.invalidate_lock#3){.+.+}-{4:4}: [ 492.201790][ T7336] lock_acquire+0x120/0x360 [ 492.206849][ T7336] down_read+0x46/0x2e0 [ 492.211547][ T7336] filemap_fault+0x546/0x1200 [ 492.216759][ T7336] __do_fault+0x135/0x390 [ 492.221626][ T7336] __handle_mm_fault+0x37ed/0x5620 [ 492.227270][ T7336] handle_mm_fault+0x2d5/0x7f0 [ 492.232565][ T7336] __get_user_pages+0x1af4/0x30b0 [ 492.238119][ T7336] __gup_longterm_locked+0xd66/0x15b0 [ 492.244022][ T7336] pin_user_pages_remote+0xd4/0x120 [ 492.249753][ T7336] process_vm_rw+0x59e/0xb40 [ 492.254874][ T7336] __x64_sys_process_vm_readv+0xe0/0x100 [ 492.261044][ T7336] do_syscall_64+0xfa/0x3b0 [ 492.266101][ T7336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.272545][ T7336] [ 492.272545][ T7336] -> #1 (&mm->mmap_lock){++++}-{4:4}: [ 492.280125][ T7336] lock_acquire+0x120/0x360 [ 492.285185][ T7336] __might_fault+0xcc/0x130 [ 492.290224][ T7336] _copy_to_user+0x2c/0xb0 [ 492.295170][ T7336] fiemap_fill_next_extent+0x1c0/0x390 [ 492.301166][ T7336] ni_fiemap+0x391/0xbf0 [ 492.305970][ T7336] ntfs_fiemap+0xda/0x130 [ 492.310837][ T7336] do_vfs_ioctl+0x16d3/0x1990 [ 492.316049][ T7336] __se_sys_ioctl+0x82/0x170 [ 492.321176][ T7336] do_syscall_64+0xfa/0x3b0 [ 492.326210][ T7336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.332634][ T7336] [ 492.332634][ T7336] -> #0 (&ni->ni_lock#3/5){+.+.}-{4:4}: [ 492.340398][ T7336] validate_chain+0xb9b/0x2140 [ 492.345705][ T7336] __lock_acquire+0xab9/0xd20 [ 492.350929][ T7336] lock_acquire+0x120/0x360 [ 492.355984][ T7336] __mutex_lock+0x182/0xe80 [ 492.361021][ T7336] ntfs_read_folio+0xba/0x200 [ 492.366240][ T7336] filemap_read_folio+0x114/0x380 [ 492.371798][ T7336] filemap_get_pages+0xd4e/0x1ea0 [ 492.377353][ T7336] filemap_read+0x3f6/0x11a0 [ 492.382479][ T7336] __kernel_read+0x469/0x8c0 [ 492.387692][ T7336] integrity_kernel_read+0x89/0xd0 [ 492.393338][ T7336] ima_calc_file_hash+0x85e/0x16f0 [ 492.398990][ T7336] ima_collect_measurement+0x428/0x8d0 [ 492.404992][ T7336] process_measurement+0x1121/0x1a40 [ 492.410833][ T7336] ima_file_check+0xd7/0x120 [ 492.415967][ T7336] security_file_post_open+0xbb/0x290 [ 492.421891][ T7336] path_openat+0x2f26/0x3830 [ 492.427022][ T7336] do_filp_open+0x1fa/0x410 [ 492.432059][ T7336] do_sys_openat2+0x121/0x1c0 [ 492.437278][ T7336] __x64_sys_openat+0x138/0x170 [ 492.442672][ T7336] do_syscall_64+0xfa/0x3b0 [ 492.447707][ T7336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.454133][ T7336] [ 492.454133][ T7336] other info that might help us debug this: [ 492.454133][ T7336] [ 492.464368][ T7336] Chain exists of: [ 492.464368][ T7336] &ni->ni_lock#3/5 --> &mm->mmap_lock --> mapping.invalidate_lock#3 [ 492.464368][ T7336] [ 492.478319][ T7336] Possible unsafe locking scenario: [ 492.478319][ T7336] [ 492.485773][ T7336] CPU0 CPU1 [ 492.491146][ T7336] ---- ---- [ 492.496515][ T7336] rlock(mapping.invalidate_lock#3); [ 492.501908][ T7336] lock(&mm->mmap_lock); [ 492.508774][ T7336] lock(mapping.invalidate_lock#3); [ 492.516599][ T7336] lock(&ni->ni_lock#3/5); [ 492.521166][ T7336] [ 492.521166][ T7336] *** DEADLOCK *** [ 492.521166][ T7336] [ 492.529332][ T7336] 2 locks held by syz-executor330/7336: [ 492.534882][ T7336] #0: ffff888034e077d8 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x74b/0x1a40 [ 492.545977][ T7336] #1: ffff888070db7ab8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: filemap_get_pages+0xc29/0x1ea0 [ 492.556796][ T7336] [ 492.556796][ T7336] stack backtrace: [ 492.562702][ T7336] CPU: 0 UID: 0 PID: 7336 Comm: syz-executor330 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) [ 492.562723][ T7336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 492.562740][ T7336] Call Trace: [ 492.562754][ T7336] [ 492.562762][ T7336] dump_stack_lvl+0x189/0x250 [ 492.562791][ T7336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 492.562815][ T7336] ? __pfx__printk+0x10/0x10 [ 492.562831][ T7336] ? print_lock_name+0xde/0x100 [ 492.562859][ T7336] print_circular_bug+0x2ee/0x310 [ 492.562887][ T7336] check_noncircular+0x134/0x160 [ 492.562915][ T7336] validate_chain+0xb9b/0x2140 [ 492.562949][ T7336] ? look_up_lock_class+0x74/0x170 [ 492.562976][ T7336] ? register_lock_class+0x51/0x320 [ 492.562999][ T7336] __lock_acquire+0xab9/0xd20 [ 492.563022][ T7336] ? ntfs_read_folio+0xba/0x200 [ 492.563047][ T7336] lock_acquire+0x120/0x360 [ 492.563067][ T7336] ? ntfs_read_folio+0xba/0x200 [ 492.563098][ T7336] __mutex_lock+0x182/0xe80 [ 492.563112][ T7336] ? ntfs_read_folio+0xba/0x200 [ 492.563136][ T7336] ? __lock_acquire+0xab9/0xd20 [ 492.563160][ T7336] ? ntfs_read_folio+0xba/0x200 [ 492.563187][ T7336] ? __pfx___mutex_lock+0x10/0x10 [ 492.563206][ T7336] ? __folio_batch_add_and_move+0x7f8/0xd20 [ 492.563227][ T7336] ntfs_read_folio+0xba/0x200 [ 492.563254][ T7336] filemap_read_folio+0x114/0x380 [ 492.563274][ T7336] ? __pfx_ntfs_read_folio+0x10/0x10 [ 492.563299][ T7336] ? __pfx_filemap_read_folio+0x10/0x10 [ 492.563319][ T7336] ? filemap_add_folio+0x1af/0x270 [ 492.563336][ T7336] filemap_get_pages+0xd4e/0x1ea0 [ 492.563365][ T7336] ? __pfx_filemap_get_pages+0x10/0x10 [ 492.563383][ T7336] ? __lock_acquire+0xab9/0xd20 [ 492.563405][ T7336] ? __pfx___might_resched+0x10/0x10 [ 492.563435][ T7336] filemap_read+0x3f6/0x11a0 [ 492.563456][ T7336] ? kernel_text_address+0xa5/0xe0 [ 492.563477][ T7336] ? __kernel_text_address+0xd/0x40 [ 492.563499][ T7336] ? __pfx_filemap_read+0x10/0x10 [ 492.563525][ T7336] ? kasan_save_track+0x3e/0x80 [ 492.563543][ T7336] ? generic_file_read_iter+0x8f/0x510 [ 492.563562][ T7336] ? ntfs_file_read_iter+0x248/0x2d0 [ 492.563584][ T7336] __kernel_read+0x469/0x8c0 [ 492.563604][ T7336] ? __pfx___kernel_read+0x10/0x10 [ 492.563631][ T7336] integrity_kernel_read+0x89/0xd0 [ 492.563650][ T7336] ? __pfx_integrity_kernel_read+0x10/0x10 [ 492.563669][ T7336] ? __kasan_kmalloc+0x93/0xb0 [ 492.563688][ T7336] ? ima_calc_file_hash+0x820/0x16f0 [ 492.563713][ T7336] ima_calc_file_hash+0x85e/0x16f0 [ 492.563739][ T7336] ? __kernel_text_address+0xd/0x40 [ 492.563758][ T7336] ? unwind_get_return_address+0x4d/0x90 [ 492.563782][ T7336] ? arch_stack_walk+0xfc/0x150 [ 492.563810][ T7336] ? __pfx_ima_calc_file_hash+0x10/0x10 [ 492.563852][ T7336] ? make_vfsgid+0x49/0xa0 [ 492.563867][ T7336] ? generic_fillattr+0x63d/0x9a0 [ 492.563893][ T7336] ? ntfs_getattr+0x2ab/0x3a0 [ 492.563916][ T7336] ima_collect_measurement+0x428/0x8d0 [ 492.563952][ T7336] ? __pfx_ima_collect_measurement+0x10/0x10 [ 492.563977][ T7336] ? ntfs_get_ea+0x367/0x4e0 [ 492.563997][ T7336] ? __pfx_ntfs_getxattr+0x10/0x10 [ 492.564020][ T7336] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 492.564044][ T7336] process_measurement+0x1121/0x1a40 [ 492.564074][ T7336] ? __pfx_process_measurement+0x10/0x10 [ 492.564096][ T7336] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 492.564118][ T7336] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 492.564138][ T7336] ? smk_access+0x14c/0x4e0 [ 492.564166][ T7336] ? tomoyo_file_open+0x166/0x220 [ 492.564186][ T7336] ima_file_check+0xd7/0x120 [ 492.564210][ T7336] ? __pfx_ima_file_check+0x10/0x10 [ 492.564235][ T7336] security_file_post_open+0xbb/0x290 [ 492.564259][ T7336] path_openat+0x2f26/0x3830 [ 492.564275][ T7336] ? arch_stack_walk+0xfc/0x150 [ 492.564312][ T7336] ? __pfx_path_openat+0x10/0x10 [ 492.564327][ T7336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.564351][ T7336] do_filp_open+0x1fa/0x410 [ 492.564367][ T7336] ? __lock_acquire+0xab9/0xd20 [ 492.564388][ T7336] ? __pfx_do_filp_open+0x10/0x10 [ 492.564413][ T7336] ? _raw_spin_unlock+0x28/0x50 [ 492.564433][ T7336] ? alloc_fd+0x64c/0x6c0 [ 492.564458][ T7336] do_sys_openat2+0x121/0x1c0 [ 492.564484][ T7336] ? __pfx_do_sys_openat2+0x10/0x10 [ 492.564512][ T7336] ? rcu_is_watching+0x15/0xb0 [ 492.564538][ T7336] __x64_sys_openat+0x138/0x170 [ 492.564565][ T7336] do_syscall_64+0xfa/0x3b0 [ 492.564581][ T7336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.564597][ T7336] ? __switch_to_asm+0x39/0x70 [ 492.564612][ T7336] ? clear_bhb_loop+0x60/0xb0 [ 492.564630][ T7336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.564646][ T7336] RIP: 0033:0x7f702056ca09 [ 492.564668][ T7336] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 492.564682][ T7336] RSP: 002b:00007f701fcf3218 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 492.564699][ T7336] RAX: ffffffffffffffda RBX: 00007f702060d6f8 RCX: 00007f702056ca09 [ 492.564711][ T7336] RDX: 0000000000101142 RSI: 0000200000000040 RDI: 00000000ffffff9c [ 492.564722][ T7336] RBP: 00007f702060d6f0 R08: 0000000000000000 R09: 0000000000000000 [pid 5872] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7333] +++ killed by SIGSEGV (core dumped) +++ [pid 7332] <... futex resumed>) = ? [pid 7337] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5870] <... close resumed>) = 0 [ 492.564733][ T7336] R10: 00000000000000ef R11: 0000000000000246 R12: 00007f70205d8e14 [ 492.564743][ T7336] R13: 0000200000000040 R14: 00002000000005c0 R15: 00002000000000c0 [ 492.564762][ T7336] [pid 7332] +++ killed by SIGSEGV (core dumped) +++ [pid 7336] <... openat resumed>) = 7 [pid 7336] futex(0x7f702060d6fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7336] futex(0x7f702060d6f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7334] close(3) = 0 [pid 7334] close(4) = 0 [pid 7334] close(5) = 0 [pid 7334] close(6) = 0 [pid 7334] close(7) = 0 [pid 7334] close(8) = -1 EBADF (Bad file descriptor) [pid 7334] close(9) = -1 EBADF (Bad file descriptor) [pid 7334] close(10) = -1 EBADF (Bad file descriptor) [pid 7334] close(11) = -1 EBADF (Bad file descriptor) [pid 7334] close(12) = -1 EBADF (Bad file descriptor) [pid 7334] close(13) = -1 EBADF (Bad file descriptor) [pid 7334] close(14) = -1 EBADF (Bad file descriptor) [pid 7334] close(15) = -1 EBADF (Bad file descriptor) [pid 7334] close(16) = -1 EBADF (Bad file descriptor) [pid 7334] close(17) = -1 EBADF (Bad file descriptor) [pid 7334] close(18) = -1 EBADF (Bad file descriptor) [pid 7334] close(19) = -1 EBADF (Bad file descriptor) [pid 7334] close(20) = -1 EBADF (Bad file descriptor) [pid 7334] close(21) = -1 EBADF (Bad file descriptor) [pid 7334] close(22) = -1 EBADF (Bad file descriptor) [pid 7334] close(23) = -1 EBADF (Bad file descriptor) [pid 7334] close(24) = -1 EBADF (Bad file descriptor) [pid 7334] close(25) = -1 EBADF (Bad file descriptor) [pid 7334] close(26) = -1 EBADF (Bad file descriptor) [pid 7334] close(27) = -1 EBADF (Bad file descriptor) [pid 7334] close(28) = -1 EBADF (Bad file descriptor) [pid 7334] close(29) = -1 EBADF (Bad file descriptor) [pid 7334] exit_group(0 [pid 7336] <... futex resumed>) = ? [pid 7335] <... futex resumed>) = ? [pid 7334] <... exit_group resumed>) = ? [pid 7336] +++ exited with 0 +++ [pid 7335] +++ exited with 0 +++ [pid 7334] +++ exited with 0 +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=270, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=60 /* 0.60 s */} --- [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=272, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 7337] chdir("./131" [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 277 [pid 5871] umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... openat resumed>) = 3 [pid 5868] openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] newfstatat(3, "", [pid 5868] <... openat resumed>) = 3 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] newfstatat(3, "", [pid 5871] getdents64(3, [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] getdents64(3, [pid 5871] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7338 attached [pid 5871] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7338] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./131/binderfs", [pid 7337] <... chdir resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./131/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./131") = 0 [pid 5871] mkdir("./132", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7338] <... set_robust_list resumed>) = 0 [pid 7337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] <... umount2 resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7338] chdir("./131" [pid 7337] <... prctl resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7338] <... chdir resumed>) = 0 [pid 7337] setpgid(0, 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7337] <... setpgid resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7338] <... prctl resumed>) = 0 [pid 7337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7338] setpgid(0, 0 [pid 7337] <... openat resumed>) = 3 [pid 5872] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7338] <... setpgid resumed>) = 0 [pid 7337] write(3, "1000", 4 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7337] <... write resumed>) = 4 [pid 7338] <... openat resumed>) = 3 [pid 7337] close(3 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7338] write(3, "1000", 4 [pid 7337] <... close resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 4 [pid 7338] <... write resumed>) = 4 [pid 7337] symlink("/dev/binderfs", "./binderfs" [pid 5872] newfstatat(4, "", [pid 5868] newfstatat(4, "", [pid 7338] close(3 [pid 7337] <... symlink resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7338] <... close resumed>) = 0 [pid 7337] write(1, "executing program\n", 18 [pid 5872] getdents64(4, [pid 5868] getdents64(4, executing program [pid 7338] symlink("/dev/binderfs", "./binderfs" [pid 7337] <... write resumed>) = 18 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7338] <... symlink resumed>) = 0 [pid 7337] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(4, [pid 5868] getdents64(4, [pid 7338] write(1, "executing program\n", 18 [pid 7337] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 executing program [pid 7338] <... write resumed>) = 18 [pid 7337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] close(4 [pid 5868] close(4 [pid 5871] <... close resumed>) = 0 [pid 7338] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7337] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7338] <... futex resumed>) = 0 [pid 7337] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5872] rmdir("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] rmdir("\x2e\x2f\x31\x33\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7338] <... mmap resumed>) = 0x7f701fcf4000 [pid 7337] <... mprotect resumed>) = 0 [pid 5872] umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7338] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7338] <... mprotect resumed>) = 0 [pid 7337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] newfstatat(AT_FDCWD, "./130/binderfs", [pid 5868] newfstatat(AT_FDCWD, "./130/binderfs", [pid 7338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7339 attached [pid 7339] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7338] <... clone3 resumed> => {parent_tid=[278]}, 88) = 278 [pid 7339] <... rseq resumed>) = 0 [pid 7338] rt_sigprocmask(SIG_SETMASK, [], [pid 7339] set_robust_list(0x7f701fd149a0, 24 [pid 7338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7339] <... set_robust_list resumed>) = 0 [pid 7338] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7339] rt_sigprocmask(SIG_SETMASK, [], [pid 7338] <... futex resumed>) = 0 [pid 7339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7338] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7339] memfd_create("syzkaller", 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7339] <... memfd_create resumed>) = 3 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7341 attached ./strace-static-x86_64: Process 7340 attached [pid 5872] unlink("./130/binderfs" [pid 5868] unlink("./130/binderfs" [pid 7341] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7340] set_robust_list(0x55557616a6a0, 24 [pid 7339] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7337] <... clone3 resumed> => {parent_tid=[273]}, 88) = 273 [pid 5872] <... unlink resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 275 [pid 5868] <... unlink resumed>) = 0 [pid 7341] <... rseq resumed>) = 0 [pid 7340] <... set_robust_list resumed>) = 0 [pid 7337] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] getdents64(3, [pid 5868] getdents64(3, [pid 7341] set_robust_list(0x7f701fd149a0, 24 [pid 7340] chdir("./132" [pid 7337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7341] <... set_robust_list resumed>) = 0 [pid 7340] <... chdir resumed>) = 0 [pid 7337] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] close(3 [pid 5868] close(3 [pid 7341] rt_sigprocmask(SIG_SETMASK, [], [pid 7340] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7337] <... futex resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7340] <... prctl resumed>) = 0 [pid 7337] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] rmdir("./130" [pid 5868] rmdir("./130" [pid 7341] memfd_create("syzkaller", 0 [pid 7340] setpgid(0, 0 [pid 5872] <... rmdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7341] <... memfd_create resumed>) = 3 [pid 7340] <... setpgid resumed>) = 0 [pid 5872] mkdir("./131", 0777 [pid 5868] mkdir("./131", 0777 [pid 7341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... mkdir resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 7341] <... mmap resumed>) = 0x7f7017800000 [pid 7340] <... openat resumed>) = 3 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7340] write(3, "1000", 4 [pid 7339] <... write resumed>) = 2097152 [pid 7340] <... write resumed>) = 4 [pid 7340] close(3 [pid 7339] munmap(0x7f7017800000, 138412032 [pid 5872] <... openat resumed>) = 3 [pid 5868] <... openat resumed>) = 3 [pid 7340] <... close resumed>) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7340] symlink("/dev/binderfs", "./binderfs" [pid 5872] <... ioctl resumed>) = 0 executing program [pid 7340] <... symlink resumed>) = 0 [pid 7339] <... munmap resumed>) = 0 [pid 5872] close(3 [pid 5868] <... ioctl resumed>) = 0 [pid 7340] write(1, "executing program\n", 18 [pid 5868] close(3 [pid 7340] <... write resumed>) = 18 [pid 7340] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7339] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7339] ioctl(4, LOOP_SET_FD, 3 [pid 7340] <... futex resumed>) = 0 [pid 7339] <... ioctl resumed>) = 0 [pid 7339] close(3) = 0 [pid 7340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7339] close(4 [pid 7340] <... mmap resumed>) = 0x7f701fcf4000 [pid 7339] <... close resumed>) = 0 [pid 7340] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7339] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7339] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7340] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] <... close resumed>) = 0 [pid 7340] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7342 attached => {parent_tid=[276]}, 88) = 276 [pid 7340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7340] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7342] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7340] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7342] <... rseq resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7342] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7342] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 7343 attached [pid 7341] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 272 ./strace-static-x86_64: Process 7344 attached [ 493.304117][ T7339] loop1: detected capacity change from 0 to 4096 [pid 7343] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7339] <... mount resumed>) = 0 [pid 7344] set_robust_list(0x55557616a6a0, 24 [pid 7343] chdir("./131" [pid 7341] <... write resumed>) = 2097152 [pid 7339] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 273 [pid 7339] <... openat resumed>) = 3 [pid 7339] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7339] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7339] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7344] <... set_robust_list resumed>) = 0 [pid 7343] <... chdir resumed>) = 0 [pid 7341] munmap(0x7f7017800000, 138412032 [pid 7339] <... futex resumed>) = 1 [pid 7344] chdir("./131" [pid 7343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7341] <... munmap resumed>) = 0 [pid 7339] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7338] <... futex resumed>) = 0 [pid 7344] <... chdir resumed>) = 0 [pid 7343] <... prctl resumed>) = 0 [pid 7344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7343] setpgid(0, 0 [pid 7344] <... prctl resumed>) = 0 [pid 7343] <... setpgid resumed>) = 0 [pid 7344] setpgid(0, 0 [pid 7343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7344] <... setpgid resumed>) = 0 [pid 7343] <... openat resumed>) = 3 [pid 7338] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program executing program ) = 3 [pid 7343] write(3, "1000", 4 [pid 7344] write(3, "1000", 4 [pid 7343] <... write resumed>) = 4 [pid 7344] <... write resumed>) = 4 [pid 7343] close(3 [pid 7344] close(3 [pid 7343] <... close resumed>) = 0 [pid 7344] <... close resumed>) = 0 [pid 7343] symlink("/dev/binderfs", "./binderfs" [pid 7344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7343] <... symlink resumed>) = 0 [pid 7344] write(1, "executing program\n", 18 [pid 7343] write(1, "executing program\n", 18 [pid 7344] <... write resumed>) = 18 [pid 7343] <... write resumed>) = 18 [pid 7344] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7343] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7344] <... futex resumed>) = 0 [pid 7343] <... futex resumed>) = 0 [pid 7344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7341] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7344] <... mmap resumed>) = 0x7f701fcf4000 [pid 7343] <... mmap resumed>) = 0x7f701fcf4000 [pid 7341] <... openat resumed>) = 4 [pid 7339] <... futex resumed>) = 0 [pid 7338] <... futex resumed>) = 1 [pid 7344] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7343] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7341] ioctl(4, LOOP_SET_FD, 3 [pid 7339] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7338] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7344] <... mprotect resumed>) = 0 [pid 7343] <... mprotect resumed>) = 0 [pid 7344] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7343] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7344] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7343] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7346 attached ./strace-static-x86_64: Process 7345 attached [pid 7345] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7344] <... clone3 resumed> => {parent_tid=[274]}, 88) = 274 [pid 7343] <... clone3 resumed> => {parent_tid=[273]}, 88) = 273 [pid 7339] <... openat resumed>) = 4 [pid 7345] <... rseq resumed>) = 0 [pid 7344] rt_sigprocmask(SIG_SETMASK, [], [pid 7343] rt_sigprocmask(SIG_SETMASK, [], [pid 7339] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] set_robust_list(0x7f701fd149a0, 24 [pid 7344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7339] <... futex resumed>) = 1 [pid 7338] <... futex resumed>) = 0 [pid 7345] <... set_robust_list resumed>) = 0 [pid 7344] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7343] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7339] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7338] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7346] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7345] rt_sigprocmask(SIG_SETMASK, [], [pid 7344] <... futex resumed>) = 0 [pid 7343] <... futex resumed>) = 0 [pid 7339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7338] <... futex resumed>) = 0 [pid 7346] <... rseq resumed>) = 0 [pid 7345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7344] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7343] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7339] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7338] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7346] set_robust_list(0x7f701fd149a0, 24 [pid 7345] memfd_create("syzkaller", 0 [pid 7339] <... openat resumed>) = 5 [pid 7346] <... set_robust_list resumed>) = 0 [pid 7345] <... memfd_create resumed>) = 3 [pid 7339] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7346] rt_sigprocmask(SIG_SETMASK, [], [pid 7345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7339] <... futex resumed>) = 1 [pid 7338] <... futex resumed>) = 0 [pid 7346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7345] <... mmap resumed>) = 0x7f7017800000 [pid 7342] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7341] <... ioctl resumed>) = 0 [pid 7338] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 493.411108][ T7341] loop2: detected capacity change from 0 to 4096 [pid 7346] memfd_create("syzkaller", 0 [pid 7342] <... write resumed>) = 2097152 [pid 7339] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7338] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7341] close(3 [pid 7339] <... write resumed>) = 1116 [pid 7339] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7341] <... close resumed>) = 0 [pid 7339] <... futex resumed>) = 1 [pid 7338] <... futex resumed>) = 0 [pid 7346] <... memfd_create resumed>) = 3 [pid 7341] close(4 [pid 7338] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7341] <... close resumed>) = 0 [pid 7339] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7338] <... futex resumed>) = 0 [pid 7346] <... mmap resumed>) = 0x7f7017800000 [pid 7338] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7342] munmap(0x7f7017800000, 138412032 [pid 7341] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7339] <... mmap resumed>) = 0x200000000000 [pid 7341] <... mkdir resumed>) = 0 [pid 7339] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7338] <... futex resumed>) = 0 [pid 7338] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7338] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7339] <... futex resumed>) = 1 [pid 7339] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7339] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7338] <... futex resumed>) = 0 [pid 7338] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7338] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7339] <... futex resumed>) = 1 [pid 7339] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7341] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7346] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7345] <... write resumed>) = 2097152 [pid 7342] <... munmap resumed>) = 0 [pid 7345] munmap(0x7f7017800000, 138412032 [pid 7342] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7346] <... write resumed>) = 2097152 [pid 7346] munmap(0x7f7017800000, 138412032 [pid 7342] <... openat resumed>) = 4 [pid 7342] ioctl(4, LOOP_SET_FD, 3 [pid 7346] <... munmap resumed>) = 0 [pid 7346] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7342] <... ioctl resumed>) = 0 [pid 7345] <... munmap resumed>) = 0 [pid 7342] close(3 [pid 7346] <... openat resumed>) = 4 [pid 7346] ioctl(4, LOOP_SET_FD, 3 [pid 7345] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7342] <... close resumed>) = 0 [pid 7342] close(4 [pid 7345] <... openat resumed>) = 4 [pid 7342] <... close resumed>) = 0 [pid 7346] <... ioctl resumed>) = 0 [pid 7345] ioctl(4, LOOP_SET_FD, 3 [pid 7342] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7346] close(3) = 0 [pid 7345] <... ioctl resumed>) = 0 [pid 7342] <... mkdir resumed>) = 0 [pid 7346] close(4 [pid 7345] close(3 [pid 7342] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7346] <... close resumed>) = 0 [pid 7345] <... close resumed>) = 0 [pid 7346] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7345] close(4 [pid 7346] <... mkdir resumed>) = 0 [pid 7345] <... close resumed>) = 0 [pid 7346] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7345] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7345] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7338] <... futex resumed>) = ? [pid 7339] +++ killed by SIGSEGV (core dumped) +++ [pid 7338] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=277, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 493.542551][ T7342] loop3: detected capacity change from 0 to 4096 [ 493.559734][ T7346] loop0: detected capacity change from 0 to 4096 [ 493.572059][ T7345] loop4: detected capacity change from 0 to 4096 [pid 5870] umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7345] <... mount resumed>) = 0 [pid 7345] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7342] <... mount resumed>) = 0 [pid 7341] <... mount resumed>) = 0 [pid 7345] <... openat resumed>) = 3 [pid 7342] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7341] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7345] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7342] <... openat resumed>) = 3 [pid 7341] <... openat resumed>) = 3 [pid 7345] <... chdir resumed>) = 0 [pid 7342] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7341] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7345] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7342] <... chdir resumed>) = 0 [pid 7341] <... chdir resumed>) = 0 [pid 7345] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7342] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7341] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7345] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7341] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7345] <... futex resumed>) = 1 [pid 7344] <... futex resumed>) = 0 [pid 7342] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7341] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7344] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] <... futex resumed>) = 1 [pid 7341] <... futex resumed>) = 1 [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 7344] <... futex resumed>) = 0 [pid 7342] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7341] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7340] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7337] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7344] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 7341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7340] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7337] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] <... openat resumed>) = 4 [pid 7342] <... openat resumed>) = 4 [pid 7341] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7345] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7344] <... futex resumed>) = 0 [pid 7345] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7344] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7344] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] <... openat resumed>) = 5 [pid 7345] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7344] <... futex resumed>) = 0 [pid 7344] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7344] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7345] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7346] <... mount resumed>) = 0 [pid 7345] <... write resumed>) = 1116 [pid 7342] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7346] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7345] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] <... futex resumed>) = 1 [pid 7341] <... openat resumed>) = 4 [pid 7340] <... futex resumed>) = 0 [pid 7345] <... futex resumed>) = 1 [pid 7344] <... futex resumed>) = 0 [pid 7342] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7341] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7344] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7341] <... futex resumed>) = 1 [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 7344] <... futex resumed>) = 0 [pid 7341] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7340] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7337] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7344] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7337] <... futex resumed>) = 0 [pid 7337] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7342] <... openat resumed>) = 5 [pid 7341] <... openat resumed>) = 5 [pid 7345] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7342] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7341] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] <... mmap resumed>) = 0x200000000000 [pid 7342] <... futex resumed>) = 1 [pid 7341] <... futex resumed>) = 1 [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 7345] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7341] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7340] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7337] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] <... futex resumed>) = 1 [pid 7344] <... futex resumed>) = 0 [pid 7342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 7345] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7344] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7341] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7340] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7337] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7346] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7345] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7344] <... futex resumed>) = 0 [pid 7342] <... write resumed>) = 1116 [pid 7341] <... write resumed>) = 1116 [pid 7345] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7344] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7342] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7341] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] <... futex resumed>) = 0 [pid 7344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7342] <... futex resumed>) = 1 [pid 7341] <... futex resumed>) = 1 [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 7345] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7344] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7341] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7340] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7337] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7344] <... futex resumed>) = 0 [pid 7342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 7345] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7344] ???( [pid 7342] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7341] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7340] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7337] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7346] <... chdir resumed>) = 0 [pid 7342] <... mmap resumed>) = 0x200000000000 [pid 7341] <... mmap resumed>) = 0x200000000000 [pid 5870] <... umount2 resumed>) = 0 [pid 7346] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7341] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7337] <... futex resumed>) = 0 [pid 7346] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7342] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7341] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7337] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7346] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] <... futex resumed>) = 1 [pid 7341] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7346] <... futex resumed>) = 1 [pid 7343] <... futex resumed>) = 0 [pid 7342] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7346] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7343] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7337] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7346] <... futex resumed>) = 0 [pid 7343] <... futex resumed>) = 1 [pid 7346] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7343] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7341] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7342] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7341] <... futex resumed>) = 1 [pid 7340] <... futex resumed>) = 0 [pid 7337] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7342] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7341] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7340] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7337] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7346] <... openat resumed>) = 4 [pid 7342] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... openat resumed>) = 4 [pid 7346] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7340] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(4, "", [pid 7346] <... futex resumed>) = 1 [pid 7343] <... futex resumed>) = 0 [pid 7340] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7346] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7343] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7342] <... futex resumed>) = 0 [pid 7340] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(4, [pid 7346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7343] <... futex resumed>) = 0 [pid 7342] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7346] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7343] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(4, [pid 7346] <... openat resumed>) = 5 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7346] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] close(4 [pid 7346] <... futex resumed>) = 1 [pid 7343] <... futex resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7346] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7343] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7343] <... futex resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 7346] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7343] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7346] <... write resumed>) = 1116 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7346] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(AT_FDCWD, "./131/binderfs", [pid 7346] <... futex resumed>) = 1 [pid 7343] <... futex resumed>) = 0 [pid 7346] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7343] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7346] <... mmap resumed>) = 0x200000000000 [pid 7343] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7343] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] unlink("./131/binderfs" [pid 7346] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... unlink resumed>) = 0 [pid 7346] <... futex resumed>) = 1 [pid 7343] <... futex resumed>) = 0 [pid 5870] getdents64(3, [pid 7343] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7346] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7343] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7343] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7346] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] close(3 [pid 7346] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7346] <... futex resumed>) = 1 [pid 7343] <... futex resumed>) = 0 [pid 5870] rmdir("./131" [pid 7343] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7346] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7343] <... futex resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 7343] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] mkdir("./132", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7344] <... ??? resumed>) = ? [pid 5870] <... close resumed>) = 0 [pid 7345] +++ killed by SIGSEGV (core dumped) +++ [pid 7344] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=273, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 7347 attached [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 279 [pid 5872] umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", [pid 7347] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7347] chdir("./132") = 0 [pid 7347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7347] setpgid(0, 0) = 0 [pid 7347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7347] write(3, "1000", 4) = 4 [pid 7347] close(3) = 0 [pid 7347] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7347] write(1, "executing program\n", 18) = 18 [pid 7347] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7347] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] newfstatat(4, "", [pid 7347] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7347] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 7347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7337] <... futex resumed>) = ? ./strace-static-x86_64: Process 7348 attached [pid 5872] rmdir("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7347] <... clone3 resumed> => {parent_tid=[280]}, 88) = 280 [pid 7341] +++ killed by SIGSEGV (core dumped) +++ [pid 7337] +++ killed by SIGSEGV (core dumped) +++ [pid 7348] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5872] <... rmdir resumed>) = 0 [pid 7348] <... rseq resumed>) = 0 [pid 7347] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=272, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 7348] set_robust_list(0x7f701fd149a0, 24 [pid 7347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7348] <... set_robust_list resumed>) = 0 [pid 7347] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7348] rt_sigprocmask(SIG_SETMASK, [], [pid 7347] <... futex resumed>) = 0 [pid 7348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7348] memfd_create("syzkaller", 0 [pid 7347] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./131/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./131") = 0 [pid 5872] mkdir("./132", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 7348] <... memfd_create resumed>) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 7348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 7348] <... mmap resumed>) = 0x7f7017800000 [pid 5869] umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", [pid 7343] <... futex resumed>) = ? [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7346] +++ killed by SIGSEGV (core dumped) +++ [pid 7343] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=272, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5868] umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 7348] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7342] +++ killed by SIGSEGV (core dumped) +++ [pid 7340] <... futex resumed>) = ? [pid 7340] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=275, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 275 ./strace-static-x86_64: Process 7349 attached [pid 7349] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7349] chdir("./132") = 0 [pid 7349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7349] setpgid(0, 0) = 0 [pid 7349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... restart_syscall resumed>) = 0 [pid 7349] <... openat resumed>) = 3 [pid 7349] write(3, "1000", 4 [pid 5871] umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7349] <... write resumed>) = 4 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7349] close(3) = 0 [pid 7349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7349] write(1, "executing program\n", 18executing program ) = 18 [pid 7349] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7349] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7350 attached [pid 7348] <... write resumed>) = 2097152 [pid 5869] <... umount2 resumed>) = 0 [pid 7350] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7349] <... clone3 resumed> => {parent_tid=[276]}, 88) = 276 [pid 7348] munmap(0x7f7017800000, 138412032 [pid 7350] <... rseq resumed>) = 0 [pid 7350] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7350] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7349] rt_sigprocmask(SIG_SETMASK, [], [pid 7348] <... munmap resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = 0 [pid 7349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... openat resumed>) = 4 [pid 7349] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7348] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5871] <... umount2 resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7350] <... futex resumed>) = 0 [pid 7349] <... futex resumed>) = 1 [pid 7348] <... openat resumed>) = 4 [pid 5871] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(4, "", [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7349] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7348] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7350] memfd_create("syzkaller", 0 [pid 7348] <... ioctl resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] getdents64(4, [pid 5868] <... openat resumed>) = 4 [pid 7348] close(3) = 0 [pid 7348] close(4) = 0 [pid 7348] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] newfstatat(4, "", [pid 5871] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] getdents64(4, [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7350] <... memfd_create resumed>) = 3 [pid 7348] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] getdents64(4, [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] close(4 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] <... openat resumed>) = 4 [pid 5869] <... close resumed>) = 0 [pid 5868] getdents64(4, [pid 7350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] newfstatat(4, "", [pid 5869] rmdir("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7350] <... mmap resumed>) = 0x7f7017800000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5868] close(4 [pid 5871] getdents64(4, [pid 5869] umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... close resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] rmdir("\x2e\x2f\x31\x33\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] getdents64(4, [pid 5869] newfstatat(AT_FDCWD, "./131/binderfs", [pid 5868] <... rmdir resumed>) = 0 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] close(4 [pid 5869] unlink("./131/binderfs" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... close resumed>) = 0 [pid 5869] <... unlink resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "./131/binderfs", [pid 5871] rmdir("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] getdents64(3, [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] unlink("./131/binderfs" [pid 5871] umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] close(3 [pid 5868] <... unlink resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... close resumed>) = 0 [pid 5868] getdents64(3, [pid 5871] newfstatat(AT_FDCWD, "./132/binderfs", [pid 5869] rmdir("./131" [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5871] unlink("./132/binderfs" [pid 5868] close(3 [pid 5871] <... unlink resumed>) = 0 [pid 5869] mkdir("./132", 0777 [pid 5868] <... close resumed>) = 0 [pid 5871] getdents64(3, [pid 5869] <... mkdir resumed>) = 0 [pid 5868] rmdir("./131" [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3 [pid 5868] <... rmdir resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] mkdir("./132", 0777 [pid 5871] rmdir("./132" [pid 5869] <... openat resumed>) = 3 [pid 5871] <... rmdir resumed>) = 0 [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] <... mkdir resumed>) = 0 [pid 5871] mkdir("./133", 0777 [pid 5869] <... ioctl resumed>) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5869] close(3 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... close resumed>) = 0 [ 494.116423][ T7348] loop1: detected capacity change from 0 to 4096 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] <... close resumed>) = 0 ./strace-static-x86_64: Process 7351 attached [pid 7350] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5871] <... close resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 274 [pid 7351] set_robust_list(0x55557616a6a0, 24 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7353 attached ./strace-static-x86_64: Process 7352 attached [pid 7351] <... set_robust_list resumed>) = 0 [pid 7348] <... mount resumed>) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 277 [pid 7348] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7351] chdir("./132" [pid 7353] set_robust_list(0x55557616a6a0, 24 [pid 7351] <... chdir resumed>) = 0 [pid 7353] <... set_robust_list resumed>) = 0 [pid 7351] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7348] <... openat resumed>) = 3 [pid 7351] <... prctl resumed>) = 0 [pid 7353] chdir("./132" [pid 7351] setpgid(0, 0 [pid 7348] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7353] <... chdir resumed>) = 0 [pid 7351] <... setpgid resumed>) = 0 [pid 7351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7353] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7348] <... chdir resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 274 [pid 7353] <... prctl resumed>) = 0 [pid 7352] set_robust_list(0x55557616a6a0, 24 [pid 7351] <... openat resumed>) = 3 [pid 7348] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7353] setpgid(0, 0) = 0 [pid 7352] <... set_robust_list resumed>) = 0 [pid 7351] write(3, "1000", 4 [pid 7348] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7352] chdir("./133" [pid 7351] <... write resumed>) = 4 [pid 7348] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7351] close(3 [pid 7352] <... chdir resumed>) = 0 [pid 7351] <... close resumed>) = 0 [pid 7348] <... futex resumed>) = 1 [pid 7352] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7351] symlink("/dev/binderfs", "./binderfs" [pid 7348] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7347] <... futex resumed>) = 0 [pid 7353] <... openat resumed>) = 3 [pid 7352] <... prctl resumed>) = 0 [pid 7347] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] write(3, "1000", 4 [pid 7352] setpgid(0, 0 [pid 7351] <... symlink resumed>) = 0 [pid 7348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7347] <... futex resumed>) = 0 [pid 7353] <... write resumed>) = 4 [pid 7351] write(1, "executing program\n", 18 [pid 7348] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7347] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7353] close(3 [pid 7352] <... setpgid resumed>) = 0 [pid 7352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7352] write(3, "1000", 4executing program executing program [pid 7353] <... close resumed>) = 0 [pid 7352] <... write resumed>) = 4 [pid 7351] <... write resumed>) = 18 [pid 7348] <... openat resumed>) = 4 [pid 7352] close(3) = 0 [pid 7352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7352] write(1, "executing program\n", 18) = 18 [pid 7351] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] symlink("/dev/binderfs", "./binderfs" [pid 7348] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7351] <... futex resumed>) = 0 [pid 7352] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7348] <... futex resumed>) = 1 [pid 7347] <... futex resumed>) = 0 executing program [pid 7353] <... symlink resumed>) = 0 [pid 7352] <... futex resumed>) = 0 [pid 7351] <... mmap resumed>) = 0x7f701fcf4000 [pid 7350] <... write resumed>) = 2097152 [pid 7348] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7347] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] write(1, "executing program\n", 18 [pid 7351] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7353] <... write resumed>) = 18 [pid 7352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7351] <... mprotect resumed>) = 0 [pid 7348] <... openat resumed>) = 5 [pid 7347] <... futex resumed>) = 0 [pid 7353] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] <... mmap resumed>) = 0x7f701fcf4000 [pid 7350] munmap(0x7f7017800000, 138412032 [pid 7353] <... futex resumed>) = 0 [pid 7352] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7351] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7350] <... munmap resumed>) = 0 [pid 7353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7348] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] <... mmap resumed>) = 0x7f701fcf4000 [pid 7352] <... mprotect resumed>) = 0 [pid 7351] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7348] <... futex resumed>) = 0 [pid 7347] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7353] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7352] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7348] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 7354 attached [pid 7353] <... mprotect resumed>) = 0 [pid 7352] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7347] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7351] <... clone3 resumed> => {parent_tid=[275]}, 88) = 275 [pid 7353] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7348] <... futex resumed>) = 0 [pid 7347] <... futex resumed>) = 1 ./strace-static-x86_64: Process 7355 attached [pid 7354] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7353] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7351] rt_sigprocmask(SIG_SETMASK, [], [pid 7348] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7347] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7354] <... rseq resumed>) = 0 [pid 7353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7352] <... clone3 resumed> => {parent_tid=[278]}, 88) = 278 [pid 7351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7348] <... write resumed>) = 1116 ./strace-static-x86_64: Process 7356 attached [pid 7355] <... rseq resumed>) = 0 [pid 7354] set_robust_list(0x7f701fd149a0, 24 [pid 7352] rt_sigprocmask(SIG_SETMASK, [], [pid 7351] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7348] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7355] set_robust_list(0x7f701fd149a0, 24 [pid 7354] <... set_robust_list resumed>) = 0 [pid 7353] <... clone3 resumed> => {parent_tid=[275]}, 88) = 275 [pid 7352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7351] <... futex resumed>) = 0 [pid 7356] <... rseq resumed>) = 0 [pid 7355] <... set_robust_list resumed>) = 0 [pid 7354] rt_sigprocmask(SIG_SETMASK, [], [pid 7353] rt_sigprocmask(SIG_SETMASK, [], [pid 7352] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7351] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7350] <... openat resumed>) = 4 [pid 7348] <... futex resumed>) = 1 [pid 7347] <... futex resumed>) = 0 [pid 7356] set_robust_list(0x7f701fd149a0, 24 [pid 7355] rt_sigprocmask(SIG_SETMASK, [], [pid 7354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7352] <... futex resumed>) = 0 [pid 7350] ioctl(4, LOOP_SET_FD, 3 [pid 7347] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... set_robust_list resumed>) = 0 [pid 7355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7354] memfd_create("syzkaller", 0 [pid 7352] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7356] rt_sigprocmask(SIG_SETMASK, [], [pid 7353] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7353] <... futex resumed>) = 0 [pid 7348] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7356] memfd_create("syzkaller", 0 [pid 7353] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7348] <... mmap resumed>) = 0x200000000000 [pid 7354] <... memfd_create resumed>) = 3 [pid 7348] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7348] <... futex resumed>) = 0 [pid 7354] <... mmap resumed>) = 0x7f7017800000 [pid 7348] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7356] <... memfd_create resumed>) = 3 [pid 7356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7355] memfd_create("syzkaller", 0 [pid 7347] <... futex resumed>) = 1 [pid 7355] <... memfd_create resumed>) = 3 [pid 7350] <... ioctl resumed>) = 0 [pid 7348] <... futex resumed>) = 0 [pid 7347] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7350] close(3 [pid 7348] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7347] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] <... close resumed>) = 0 [pid 7348] <... futex resumed>) = 0 [pid 7347] <... futex resumed>) = 1 [pid 7348] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7350] close(4 [pid 7348] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7347] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] <... close resumed>) = 0 [pid 7348] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7348] <... futex resumed>) = 1 [pid 7348] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7347] <... futex resumed>) = 0 [pid 7350] <... mkdir resumed>) = 0 [pid 7347] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7347] <... futex resumed>) = 1 [pid 7348] <... futex resumed>) = 0 [pid 7347] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7348] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [ 494.291463][ T7350] loop4: detected capacity change from 0 to 4096 [pid 7354] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7356] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7355] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7350] <... mount resumed>) = 0 [pid 7350] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7350] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7350] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7350] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7350] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7349] <... futex resumed>) = 0 [pid 7349] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7356] <... write resumed>) = 2097152 [pid 7355] <... write resumed>) = 2097152 [pid 7354] <... write resumed>) = 2097152 [pid 7356] munmap(0x7f7017800000, 138412032 [pid 7355] munmap(0x7f7017800000, 138412032 [pid 7350] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7349] <... futex resumed>) = 0 [pid 7349] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7349] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] <... futex resumed>) = 1 [pid 7350] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7350] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7350] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7349] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... munmap resumed>) = 0 [pid 7350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7354] munmap(0x7f7017800000, 138412032 [pid 7350] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7349] <... futex resumed>) = 0 [pid 7356] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7355] <... munmap resumed>) = 0 [pid 7354] <... munmap resumed>) = 0 [pid 7350] <... write resumed>) = 1116 [pid 7349] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7356] <... openat resumed>) = 4 [pid 7355] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7356] ioctl(4, LOOP_SET_FD, 3 [pid 7350] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7350] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7349] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] <... mmap resumed>) = 0x200000000000 [pid 7349] <... futex resumed>) = 0 [pid 7349] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] ioctl(4, LOOP_SET_FD, 3 [pid 7350] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7349] <... futex resumed>) = 0 [pid 7354] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7350] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7349] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7350] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7349] <... futex resumed>) = 0 [pid 7354] <... openat resumed>) = 4 [pid 7350] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7349] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7350] <... futex resumed>) = 0 [pid 7349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7350] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7349] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7354] close(3) = 0 [pid 7354] close(4) = 0 [pid 7354] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7354] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7356] <... ioctl resumed>) = 0 [pid 7356] close(3) = 0 [pid 7356] close(4) = 0 [pid 7355] <... ioctl resumed>) = 0 [pid 7356] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7356] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7355] close(3) = 0 [pid 7355] close(4) = 0 [pid 7355] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 494.424245][ T7356] loop0: detected capacity change from 0 to 4096 [ 494.435187][ T7355] loop3: detected capacity change from 0 to 4096 [ 494.441732][ T7354] loop2: detected capacity change from 0 to 4096 [pid 7355] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7354] <... mount resumed>) = 0 [pid 7347] <... futex resumed>) = ? [pid 7354] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7354] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7354] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7354] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7354] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7351] <... futex resumed>) = 0 [pid 7351] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] <... futex resumed>) = 0 [pid 7351] <... futex resumed>) = 1 [pid 7354] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7351] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7354] <... openat resumed>) = 4 [pid 7348] +++ killed by SIGSEGV (core dumped) +++ [pid 7347] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=279, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 7354] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7354] <... futex resumed>) = 1 [pid 7351] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7354] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7351] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7351] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7351] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7354] <... openat resumed>) = 5 [pid 7356] <... mount resumed>) = 0 [pid 7356] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7354] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... openat resumed>) = 3 [pid 7356] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7354] <... futex resumed>) = 1 [pid 7351] <... futex resumed>) = 0 [pid 7356] <... chdir resumed>) = 0 [pid 7354] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7351] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7351] <... futex resumed>) = 0 [pid 7356] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7354] <... write resumed>) = 1116 [pid 7351] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7356] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7354] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] <... futex resumed>) = 0 [pid 7356] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7353] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7353] <... futex resumed>) = 0 [pid 7353] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7356] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7354] <... futex resumed>) = 1 [pid 7351] <... futex resumed>) = 0 [pid 7351] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7351] <... futex resumed>) = 0 [pid 7355] <... mount resumed>) = 0 [pid 7351] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7354] <... mmap resumed>) = 0x200000000000 [pid 7355] <... openat resumed>) = 3 [pid 7354] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7355] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7354] <... futex resumed>) = 1 [pid 7351] <... futex resumed>) = 0 [pid 7354] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7351] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7351] <... futex resumed>) = 0 [pid 7355] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7354] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7351] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7354] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7352] <... futex resumed>) = 0 [pid 7352] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... openat resumed>) = 4 [pid 7352] <... futex resumed>) = 0 [pid 7352] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7354] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7356] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7354] <... futex resumed>) = 1 [pid 7351] <... futex resumed>) = 0 [pid 7356] <... futex resumed>) = 1 [pid 7354] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7353] <... futex resumed>) = 0 [pid 7351] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7353] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7353] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7356] <... openat resumed>) = 5 [pid 7356] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7353] <... futex resumed>) = 0 [pid 7356] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7353] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7355] <... openat resumed>) = 4 [pid 7353] <... futex resumed>) = 0 [pid 7355] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] <... futex resumed>) = 1 [pid 7352] <... futex resumed>) = 0 [pid 7352] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7352] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7356] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7356] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7356] <... futex resumed>) = 1 [pid 7355] <... openat resumed>) = 5 [pid 7353] <... futex resumed>) = 0 [pid 7353] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7356] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7353] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7356] <... mmap resumed>) = 0x200000000000 [pid 7355] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7352] <... futex resumed>) = 0 [pid 7352] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7352] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7355] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7352] <... futex resumed>) = 0 [pid 7352] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7352] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7356] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7356] <... futex resumed>) = 1 [pid 7353] <... futex resumed>) = 0 [pid 7356] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7353] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7356] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7353] <... futex resumed>) = 0 [pid 7356] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7356] <... futex resumed>) = 0 [pid 7353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7356] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 7355] <... mmap resumed>) = 0x200000000000 [pid 7353] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7355] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7353] <... futex resumed>) = 0 [pid 7356] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7355] <... futex resumed>) = 1 [pid 7352] <... futex resumed>) = 0 [pid 7352] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7352] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7355] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7352] <... futex resumed>) = 0 [pid 7352] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7352] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7355] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./132/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./132") = 0 [pid 5870] mkdir("./133", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7349] <... futex resumed>) = ? [pid 7350] +++ killed by SIGSEGV (core dumped) +++ [pid 7349] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=275, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5872] umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7357 attached , child_tidptr=0x55557616a690) = 281 [pid 7357] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7357] chdir("./133") = 0 [pid 7357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7357] setpgid(0, 0) = 0 [pid 7357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7357] write(3, "1000", 4) = 4 [pid 7357] close(3) = 0 [pid 7357] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7357] write(1, "executing program\n", 18) = 18 [pid 7357] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7357] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[282]}, 88) = 282 [pid 7357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7357] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7357] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7358 attached [pid 5872] <... umount2 resumed>) = 0 [pid 5872] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7358] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5872] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7358] <... rseq resumed>) = 0 [pid 7358] set_robust_list(0x7f701fd149a0, 24 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4 [pid 7358] <... set_robust_list resumed>) = 0 [pid 7358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7358] memfd_create("syzkaller", 0 [pid 5872] umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./132/binderfs", [pid 7358] <... memfd_create resumed>) = 3 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./132/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./132") = 0 [pid 5872] mkdir("./133", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 7358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] close(3 [pid 7358] <... mmap resumed>) = 0x7f7017800000 [pid 7351] <... futex resumed>) = ? [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7354] +++ killed by SIGSEGV (core dumped) +++ [pid 7351] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=274, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7358] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152./strace-static-x86_64: Process 7359 attached [pid 7352] <... futex resumed>) = ? [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 277 [pid 7359] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7356] +++ killed by SIGSEGV (core dumped) +++ [pid 7353] +++ killed by SIGSEGV (core dumped) +++ [pid 7355] +++ killed by SIGSEGV (core dumped) +++ [pid 7352] +++ killed by SIGSEGV (core dumped) +++ [pid 7359] chdir("./133" [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=277, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=274, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5871] <... restart_syscall resumed>) = 0 [pid 7359] <... chdir resumed>) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 7359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7359] setpgid(0, 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7359] <... setpgid resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... openat resumed>) = 3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7359] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", [pid 5868] openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7359] write(3, "1000", 4 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7359] <... write resumed>) = 4 [pid 7358] <... write resumed>) = 2097152 [pid 5871] getdents64(3, [pid 5868] newfstatat(3, "", [pid 7359] close(3 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7359] <... close resumed>) = 0 [pid 7358] munmap(0x7f7017800000, 138412032 [pid 5871] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] getdents64(3, [pid 7359] symlink("/dev/binderfs", "./binderfs" [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7358] <... munmap resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7359] <... symlink resumed>) = 0 [pid 7358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7359] write(1, "executing program\n", 18executing program [pid 7358] <... openat resumed>) = 4 [pid 7359] <... write resumed>) = 18 [pid 7358] ioctl(4, LOOP_SET_FD, 3 [pid 7359] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7358] <... ioctl resumed>) = 0 [pid 7358] close(3) = 0 [pid 7358] close(4) = 0 [pid 7358] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7358] <... mkdir resumed>) = 0 [pid 7359] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7358] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7359] <... mprotect resumed>) = 0 [pid 7359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7360 attached => {parent_tid=[278]}, 88) = 278 [pid 7360] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7359] rt_sigprocmask(SIG_SETMASK, [], [pid 7360] <... rseq resumed>) = 0 [pid 7359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7360] set_robust_list(0x7f701fd149a0, 24 [pid 7359] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7360] <... set_robust_list resumed>) = 0 [pid 7359] <... futex resumed>) = 0 [pid 7360] rt_sigprocmask(SIG_SETMASK, [], [pid 7359] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7360] memfd_create("syzkaller", 0) = 3 [pid 7358] <... mount resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [ 494.959443][ T7358] loop1: detected capacity change from 0 to 4096 [pid 7360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7360] <... mmap resumed>) = 0x7f7017800000 [pid 7358] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5869] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7358] <... openat resumed>) = 3 [pid 7358] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7358] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7358] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7358] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7358] <... futex resumed>) = 1 [pid 7357] <... futex resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7358] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7357] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7357] <... futex resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7358] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7357] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... umount2 resumed>) = 0 [pid 5869] <... openat resumed>) = 4 [pid 5868] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", [pid 5868] newfstatat(4, "", [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, [pid 5868] getdents64(4, [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, [pid 5868] getdents64(4, [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4 [pid 5868] close(4 [pid 7358] <... openat resumed>) = 4 [pid 5869] <... close resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7358] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] rmdir("\x2e\x2f\x31\x33\x32\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7358] <... futex resumed>) = 1 [pid 7357] <... futex resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... rmdir resumed>) = 0 [pid 5868] <... rmdir resumed>) = 0 [pid 7358] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7357] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7358] <... openat resumed>) = 5 [pid 7357] <... futex resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7358] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7357] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] newfstatat(AT_FDCWD, "./132/binderfs", [pid 5868] newfstatat(AT_FDCWD, "./132/binderfs", [pid 7358] <... futex resumed>) = 0 [pid 7357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7358] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7357] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7358] <... write resumed>) = 1116 [pid 7357] <... futex resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] unlink("./132/binderfs" [pid 5868] unlink("./132/binderfs" [pid 7358] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7357] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7357] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7358] <... futex resumed>) = 0 [pid 5868] <... unlink resumed>) = 0 [pid 7357] <... futex resumed>) = 0 [pid 7357] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... unlink resumed>) = 0 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] getdents64(3, [pid 5871] newfstatat(4, "", [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] close(3) = 0 [pid 5871] getdents64(4, [pid 5869] rmdir("./132" [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... rmdir resumed>) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] mkdir("./133", 0777 [pid 5871] close(4) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5871] umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... openat resumed>) = 3 [pid 7358] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5868] getdents64(3, [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] ioctl(3, LOOP_CLR_FD [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7358] <... mmap resumed>) = 0x200000000000 [pid 5871] newfstatat(AT_FDCWD, "./133/binderfs", [pid 7360] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7358] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 7358] <... futex resumed>) = 1 [pid 7357] <... futex resumed>) = 0 [pid 5871] unlink("./133/binderfs" [pid 5869] close(3 [pid 5868] <... close resumed>) = 0 [pid 7358] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7357] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... unlink resumed>) = 0 [pid 5868] rmdir("./132" [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./133") = 0 [pid 5871] mkdir("./134", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7357] <... futex resumed>) = 0 [pid 7357] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... rmdir resumed>) = 0 [pid 7358] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7358] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] mkdir("./133", 0777 [pid 7360] <... write resumed>) = 2097152 [pid 7358] <... futex resumed>) = 1 [pid 7357] <... futex resumed>) = 0 [pid 5868] <... mkdir resumed>) = 0 [pid 7357] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7358] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... close resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 276 [pid 5868] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7361 attached [pid 5868] close(3 [pid 7361] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7361] chdir("./133") = 0 [pid 7361] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... close resumed>) = 0 [pid 7361] <... prctl resumed>) = 0 [pid 7361] setpgid(0, 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7361] <... setpgid resumed>) = 0 [pid 7361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 7362 attached [pid 7361] write(3, "1000", 4) = 4 [pid 7361] close(3) = 0 [pid 7361] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 279 executing program [pid 7361] <... symlink resumed>) = 0 [pid 7361] write(1, "executing program\n", 18) = 18 [pid 7361] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7361] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7362] set_robust_list(0x55557616a6a0, 24 [pid 7360] munmap(0x7f7017800000, 138412032 [pid 5868] <... close resumed>) = 0 [pid 7362] <... set_robust_list resumed>) = 0 [pid 7362] chdir("./134" [pid 7361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7363 attached [pid 7361] <... clone3 resumed> => {parent_tid=[277]}, 88) = 277 ./strace-static-x86_64: Process 7364 attached [pid 7362] <... chdir resumed>) = 0 [pid 7364] set_robust_list(0x55557616a6a0, 24 [pid 7362] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7361] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 276 [pid 7364] <... set_robust_list resumed>) = 0 [pid 7362] <... prctl resumed>) = 0 [pid 7362] setpgid(0, 0 [pid 7361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7361] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7361] <... futex resumed>) = 0 [pid 7363] <... rseq resumed>) = 0 [pid 7361] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7363] set_robust_list(0x7f701fd149a0, 24 [pid 7362] <... setpgid resumed>) = 0 [pid 7363] <... set_robust_list resumed>) = 0 [pid 7363] rt_sigprocmask(SIG_SETMASK, [], [pid 7360] <... munmap resumed>) = 0 [pid 7364] chdir("./133" [pid 7363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7364] <... chdir resumed>) = 0 [pid 7363] memfd_create("syzkaller", 0 [pid 7362] <... openat resumed>) = 3 [pid 7360] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7364] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7362] write(3, "1000", 4 [pid 7364] <... prctl resumed>) = 0 [pid 7362] <... write resumed>) = 4 [pid 7364] setpgid(0, 0 [pid 7362] close(3 [pid 7360] <... openat resumed>) = 4 [pid 7364] <... setpgid resumed>) = 0 [pid 7362] <... close resumed>) = 0 [pid 7360] ioctl(4, LOOP_SET_FD, 3 [pid 7364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7362] symlink("/dev/binderfs", "./binderfs" [pid 7364] <... openat resumed>) = 3 [pid 7363] <... memfd_create resumed>) = 3 executing program [pid 7362] <... symlink resumed>) = 0 [pid 7363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7362] write(1, "executing program\n", 18 [pid 7364] write(3, "1000", 4 [pid 7362] <... write resumed>) = 18 [pid 7364] <... write resumed>) = 4 [pid 7362] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7364] close(3 [pid 7362] <... futex resumed>) = 0 [pid 7364] <... close resumed>) = 0 [pid 7362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 7360] <... ioctl resumed>) = 0 [pid 7364] symlink("/dev/binderfs", "./binderfs" [pid 7362] <... mmap resumed>) = 0x7f701fcf4000 [pid 7362] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7364] <... symlink resumed>) = 0 [pid 7364] write(1, "executing program\n", 18 [pid 7362] <... mprotect resumed>) = 0 [pid 7364] <... write resumed>) = 18 [pid 7362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7364] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7365 attached [pid 7364] <... futex resumed>) = 0 [pid 7360] close(3 [pid 7364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7362] <... clone3 resumed> => {parent_tid=[280]}, 88) = 280 [pid 7364] <... mmap resumed>) = 0x7f701fcf4000 [pid 7362] rt_sigprocmask(SIG_SETMASK, [], [pid 7360] <... close resumed>) = 0 [pid 7365] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7364] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7364] <... mprotect resumed>) = 0 [pid 7362] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7365] <... rseq resumed>) = 0 [pid 7360] close(4 [pid 7365] set_robust_list(0x7f701fd149a0, 24 [pid 7364] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7362] <... futex resumed>) = 0 [pid 7360] <... close resumed>) = 0 [pid 7365] <... set_robust_list resumed>) = 0 [pid 7360] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7362] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7360] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7365] rt_sigprocmask(SIG_SETMASK, [], [pid 7364] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7366 attached [pid 7365] memfd_create("syzkaller", 0 [pid 7366] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7365] <... memfd_create resumed>) = 3 [pid 7364] <... clone3 resumed> => {parent_tid=[277]}, 88) = 277 [pid 7366] <... rseq resumed>) = 0 [pid 7365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7364] rt_sigprocmask(SIG_SETMASK, [], [pid 7366] set_robust_list(0x7f701fd149a0, 24 [pid 7365] <... mmap resumed>) = 0x7f7017800000 [pid 7366] <... set_robust_list resumed>) = 0 [ 495.173304][ T7360] loop4: detected capacity change from 0 to 4096 [pid 7366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7366] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7364] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7366] memfd_create("syzkaller", 0 [pid 7364] <... futex resumed>) = 0 [pid 7366] <... memfd_create resumed>) = 3 [pid 7364] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7363] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7365] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7357] <... futex resumed>) = ? [pid 7366] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7358] +++ killed by SIGSEGV (core dumped) +++ [pid 7357] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=281, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7363] <... write resumed>) = 2097152 [pid 7360] <... mount resumed>) = 0 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7366] <... write resumed>) = 2097152 [pid 7365] <... write resumed>) = 2097152 [pid 7363] munmap(0x7f7017800000, 138412032 [pid 7360] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7366] munmap(0x7f7017800000, 138412032 [pid 7365] munmap(0x7f7017800000, 138412032 [pid 7360] <... openat resumed>) = 3 [pid 7360] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7360] <... chdir resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7363] <... munmap resumed>) = 0 [pid 7360] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5870] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7360] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... openat resumed>) = 3 [pid 7360] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(3, "", [pid 7360] <... futex resumed>) = 1 [pid 7359] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7359] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7359] <... futex resumed>) = 0 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7360] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7359] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7366] <... munmap resumed>) = 0 [pid 7365] <... munmap resumed>) = 0 [pid 7360] <... openat resumed>) = 4 [pid 7363] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7360] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... openat resumed>) = 4 [pid 7360] <... futex resumed>) = 1 [pid 7359] <... futex resumed>) = 0 [pid 7363] ioctl(4, LOOP_SET_FD, 3 [pid 7359] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7366] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7365] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7359] <... futex resumed>) = 0 [pid 7366] <... openat resumed>) = 4 [pid 7365] <... openat resumed>) = 4 [pid 7360] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7366] ioctl(4, LOOP_SET_FD, 3 [pid 7365] ioctl(4, LOOP_SET_FD, 3 [pid 7359] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7360] <... openat resumed>) = 5 [pid 7360] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7359] <... futex resumed>) = 0 [pid 7360] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7359] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7360] <... write resumed>) = 1116 [pid 7359] <... futex resumed>) = 0 [pid 7360] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7359] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7360] <... futex resumed>) = 0 [pid 7359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7360] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7359] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7360] <... mmap resumed>) = 0x200000000000 [pid 7359] <... futex resumed>) = 0 [pid 7360] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7359] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7360] <... futex resumed>) = 0 [pid 7359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7360] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7359] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7360] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7359] <... futex resumed>) = 0 [pid 7360] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7359] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7360] <... futex resumed>) = 0 [pid 7359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7360] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7359] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... ioctl resumed>) = 0 [pid 7363] close(3) = 0 [pid 7363] close(4) = 0 [pid 7363] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7363] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7365] <... ioctl resumed>) = 0 [pid 7365] close(3) = 0 [pid 7365] close(4) = 0 [pid 7365] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7365] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7366] <... ioctl resumed>) = 0 [pid 7366] close(3) = 0 [pid 7366] close(4) = 0 [pid 7366] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 495.334393][ T7363] loop2: detected capacity change from 0 to 4096 [ 495.342381][ T7365] loop3: detected capacity change from 0 to 4096 [ 495.357402][ T7366] loop0: detected capacity change from 0 to 4096 [pid 7366] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7363] <... mount resumed>) = 0 [pid 7363] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7363] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7363] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7363] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7361] <... futex resumed>) = 0 [pid 7363] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7361] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7361] <... futex resumed>) = 0 [pid 7363] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7361] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7363] <... openat resumed>) = 4 [pid 5870] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7363] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7363] <... futex resumed>) = 1 [pid 7361] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 4 [pid 7363] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7361] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(4, "", [pid 7361] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7363] <... openat resumed>) = 5 [pid 7361] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(4, [pid 7363] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7363] <... futex resumed>) = 1 [pid 7361] <... futex resumed>) = 0 [pid 7363] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7361] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(4, [pid 7363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7361] <... futex resumed>) = 0 [pid 7363] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7361] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4 [pid 7363] <... write resumed>) = 1116 [pid 5870] <... close resumed>) = 0 [pid 7363] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] rmdir("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7366] <... mount resumed>) = 0 [pid 7363] <... futex resumed>) = 1 [pid 7361] <... futex resumed>) = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 7366] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7363] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7366] <... openat resumed>) = 3 [pid 7363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7361] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7366] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7363] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 5870] newfstatat(AT_FDCWD, "./133/binderfs", [pid 7366] <... chdir resumed>) = 0 [pid 7366] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7363] <... mmap resumed>) = 0x200000000000 [pid 7361] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7366] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7363] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7361] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] unlink("./133/binderfs" [pid 7366] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... futex resumed>) = 0 [pid 7366] <... futex resumed>) = 1 [pid 7365] <... mount resumed>) = 0 [pid 7364] <... futex resumed>) = 0 [pid 7363] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... unlink resumed>) = 0 [pid 7366] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7365] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7364] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7361] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] getdents64(3, [pid 7366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7365] <... openat resumed>) = 3 [pid 7364] <... futex resumed>) = 0 [pid 7363] <... futex resumed>) = 0 [pid 7361] <... futex resumed>) = 1 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7366] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7365] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7364] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7363] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7361] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7365] <... chdir resumed>) = 0 [pid 7363] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5870] close(3 [pid 7365] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7363] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7365] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] <... futex resumed>) = 1 [pid 7361] <... futex resumed>) = 0 [pid 5870] rmdir("./133" [pid 7366] <... openat resumed>) = 4 [pid 7365] <... futex resumed>) = 1 [pid 7363] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7362] <... futex resumed>) = 0 [pid 7361] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rmdir resumed>) = 0 [pid 7366] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7365] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7362] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7361] <... futex resumed>) = 0 [pid 7366] <... futex resumed>) = 1 [pid 7365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7364] <... futex resumed>) = 0 [pid 7361] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] mkdir("./134", 0777 [pid 7366] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7365] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7364] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7363] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7362] <... futex resumed>) = 0 [pid 5870] <... mkdir resumed>) = 0 [pid 7364] <... futex resumed>) = 0 [pid 7362] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7364] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7366] <... openat resumed>) = 5 [pid 5870] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7366] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7365] <... openat resumed>) = 4 [pid 7366] <... futex resumed>) = 1 [pid 7364] <... futex resumed>) = 0 [pid 7366] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7364] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7365] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7362] <... futex resumed>) = 0 [pid 7366] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7364] <... futex resumed>) = 0 [pid 7365] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7364] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7362] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7366] <... write resumed>) = 1116 [pid 7366] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7362] <... futex resumed>) = 0 [pid 7366] <... futex resumed>) = 0 [pid 7364] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7362] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7366] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7364] <... futex resumed>) = 0 [pid 7366] <... mmap resumed>) = 0x200000000000 [pid 7365] <... openat resumed>) = 5 [pid 7364] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7366] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7365] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7364] <... futex resumed>) = 0 [pid 7365] <... futex resumed>) = 1 [pid 7365] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7364] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7362] <... futex resumed>) = 0 [pid 7366] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7364] <... futex resumed>) = 0 [pid 7362] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7365] <... futex resumed>) = 0 [pid 7364] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7362] <... futex resumed>) = 1 [pid 7366] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7365] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5870] <... close resumed>) = 0 [pid 7365] <... write resumed>) = 1116 [pid 7365] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7365] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7366] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7362] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7366] <... futex resumed>) = 1 [pid 7364] <... futex resumed>) = 0 [pid 7362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 7367 attached [pid 7366] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7364] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7362] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7365] <... futex resumed>) = 0 [pid 7362] <... futex resumed>) = 1 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 283 [pid 7362] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7365] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7367] set_robust_list(0x55557616a6a0, 24 [pid 7365] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] <... set_robust_list resumed>) = 0 [pid 7365] <... futex resumed>) = 1 [pid 7362] <... futex resumed>) = 0 [pid 7362] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] chdir("./134" [pid 7365] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7362] <... futex resumed>) = 0 [pid 7367] <... chdir resumed>) = 0 [pid 7365] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7362] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7365] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] <... prctl resumed>) = 0 [pid 7365] <... futex resumed>) = 1 [pid 7362] <... futex resumed>) = 0 [pid 7367] setpgid(0, 0 [pid 7365] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7362] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] <... setpgid resumed>) = 0 [pid 7367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7367] write(3, "1000", 4) = 4 [pid 7367] close(3) = 0 [pid 7367] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7367] write(1, "executing program\n", 18) = 18 [pid 7367] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7367] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[284]}, 88) = 284 [pid 7367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7367] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7367] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7368 attached [pid 7368] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7368] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7368] memfd_create("syzkaller", 0) = 3 [pid 7368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7359] <... futex resumed>) = ? [pid 7368] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7360] +++ killed by SIGSEGV (core dumped) +++ [pid 7359] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=277, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- [pid 5872] umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7364] <... futex resumed>) = ? [pid 7368] <... write resumed>) = 2097152 [pid 7366] +++ killed by SIGSEGV (core dumped) +++ [pid 7364] +++ killed by SIGSEGV (core dumped) +++ [pid 7368] munmap(0x7f7017800000, 138412032 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=276, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 7368] <... munmap resumed>) = 0 [pid 5868] umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7368] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7362] <... futex resumed>) = ? [pid 7368] <... openat resumed>) = 4 [pid 7368] ioctl(4, LOOP_SET_FD, 3 [pid 7365] +++ killed by SIGSEGV (core dumped) +++ [pid 7362] +++ killed by SIGSEGV (core dumped) +++ [pid 7361] <... futex resumed>) = ? [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=279, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5871] umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7363] +++ killed by SIGSEGV (core dumped) +++ [pid 7361] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... umount2 resumed>) = 0 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=276, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5872] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7368] <... ioctl resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... openat resumed>) = 3 [pid 7368] close(3 [pid 5872] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] newfstatat(3, "", [pid 7368] <... close resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7368] close(4 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7368] <... close resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 7368] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5872] newfstatat(4, "", [pid 7368] <... mkdir resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7368] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 495.732983][ T7368] loop1: detected capacity change from 0 to 4096 [pid 5872] newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 5872] unlink("./133/binderfs" [pid 5869] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... unlink resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] getdents64(3, [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] <... close resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] rmdir("./133" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... rmdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] mkdir("./134", 0777) = 0 [pid 5869] <... openat resumed>) = 4 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] newfstatat(4, "", [pid 5872] <... openat resumed>) = 3 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5869] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] <... ioctl resumed>) = 0 [pid 5869] getdents64(4, [pid 5872] close(3 [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./133/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5872] <... close resumed>) = 0 [pid 5869] rmdir("./133") = 0 [pid 5869] mkdir("./134", 0777 [pid 5871] <... umount2 resumed>) = 0 [pid 5869] <... mkdir resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7368] <... mount resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5868] <... umount2 resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7368] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7368] <... openat resumed>) = 3 [pid 7368] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 ./strace-static-x86_64: Process 7369 attached [pid 7368] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 279 [pid 5871] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... close resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7369] set_robust_list(0x55557616a6a0, 24 [pid 7368] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7369] <... set_robust_list resumed>) = 0 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7369] chdir("./134" [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7369] <... chdir resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 7368] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7368] <... futex resumed>) = 1 [pid 5871] newfstatat(4, "", [pid 7369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7369] setpgid(0, 0 [pid 7367] <... futex resumed>) = 0 [pid 7367] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7367] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7369] <... setpgid resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7368] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5871] getdents64(4, [pid 7369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] <... openat resumed>) = 4 [pid 7369] <... openat resumed>) = 3 [pid 5871] getdents64(4, [pid 5868] newfstatat(4, "", [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... close resumed>) = 0 [pid 5868] getdents64(4, [pid 5871] rmdir("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7369] write(3, "1000", 4 [pid 5871] <... rmdir resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] getdents64(4, [pid 5871] umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] close(4 [pid 5871] newfstatat(AT_FDCWD, "./134/binderfs", [pid 5868] <... close resumed>) = 0 ./strace-static-x86_64: Process 7370 attached [pid 7369] <... write resumed>) = 4 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x33\x33\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7369] close(3 [pid 5871] unlink("./134/binderfs" [pid 7369] <... close resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 278 [pid 5868] <... rmdir resumed>) = 0 [pid 7369] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... unlink resumed>) = 0 [pid 5868] umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7370] set_robust_list(0x55557616a6a0, 24 [pid 7369] <... symlink resumed>) = 0 [pid 5871] getdents64(3, [pid 7369] write(1, "executing program\n", 18 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7370] <... set_robust_list resumed>) = 0 executing program [pid 7368] <... openat resumed>) = 4 [pid 5871] close(3 [pid 5868] newfstatat(AT_FDCWD, "./133/binderfs", [pid 7368] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... close resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] rmdir("./134" [pid 7370] chdir("./134" [pid 7369] <... write resumed>) = 18 [pid 7368] <... futex resumed>) = 1 [pid 7367] <... futex resumed>) = 0 [pid 5868] unlink("./133/binderfs" [pid 7370] <... chdir resumed>) = 0 [pid 7369] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7368] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7367] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... rmdir resumed>) = 0 [pid 7370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7369] <... futex resumed>) = 0 [pid 7368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7367] <... futex resumed>) = 0 [pid 5871] mkdir("./135", 0777 [pid 5868] <... unlink resumed>) = 0 [pid 7370] <... prctl resumed>) = 0 [pid 7369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7368] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7367] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7370] setpgid(0, 0 [pid 7369] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] <... mkdir resumed>) = 0 [pid 5868] getdents64(3, [pid 7370] <... setpgid resumed>) = 0 [pid 7368] <... openat resumed>) = 5 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7368] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7369] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... openat resumed>) = 3 [pid 5868] close(3 [pid 7370] <... openat resumed>) = 3 [pid 7369] <... mprotect resumed>) = 0 [pid 7368] <... futex resumed>) = 1 [pid 7367] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7370] write(3, "1000", 4 [pid 7369] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7367] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] <... write resumed>) = 4 [pid 7369] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7368] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7367] <... futex resumed>) = 0 [pid 5868] rmdir("./133" [pid 7370] close(3 [pid 7369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7368] <... write resumed>) = 1116 [pid 7367] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 7371 attached [pid 7370] <... close resumed>) = 0 [pid 7368] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7367] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... rmdir resumed>) = 0 [pid 7371] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7370] symlink("/dev/binderfs", "./binderfs" [pid 7369] <... clone3 resumed> => {parent_tid=[280]}, 88) = 280 executing program [pid 7368] <... futex resumed>) = 0 [pid 7367] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... ioctl resumed>) = 0 [pid 5868] mkdir("./134", 0777 [pid 7371] <... rseq resumed>) = 0 [pid 7370] <... symlink resumed>) = 0 [pid 7369] rt_sigprocmask(SIG_SETMASK, [], [pid 7368] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7367] <... futex resumed>) = 0 [pid 7371] set_robust_list(0x7f701fd149a0, 24 [pid 7370] write(1, "executing program\n", 18 [pid 7369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7367] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] close(3 [pid 5868] <... mkdir resumed>) = 0 [pid 7371] <... set_robust_list resumed>) = 0 [pid 7370] <... write resumed>) = 18 [pid 7369] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7368] <... mmap resumed>) = 0x200000000000 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7371] rt_sigprocmask(SIG_SETMASK, [], [pid 7370] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7369] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7370] <... futex resumed>) = 0 [pid 7368] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7371] memfd_create("syzkaller", 0 [pid 7370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7369] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7370] <... mmap resumed>) = 0x7f701fcf4000 [pid 7370] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7372 attached [pid 7371] <... memfd_create resumed>) = 3 [pid 7368] <... futex resumed>) = 1 [pid 7367] <... futex resumed>) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 7372] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7370] <... clone3 resumed> => {parent_tid=[279]}, 88) = 279 [pid 5868] close(3 [pid 7368] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7367] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7367] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7371] <... mmap resumed>) = 0x7f7017800000 [pid 7370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7370] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7370] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] <... close resumed>) = 0 [pid 7368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7372] <... rseq resumed>) = 0 [pid 7372] set_robust_list(0x7f701fd149a0, 24 [pid 7368] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5871] <... close resumed>) = 0 [pid 7368] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7368] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] <... set_robust_list resumed>) = 0 [pid 7372] rt_sigprocmask(SIG_SETMASK, [], [pid 7368] <... futex resumed>) = 1 [pid 7367] <... futex resumed>) = 0 [pid 7367] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7367] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7368] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7371] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7372] memfd_create("syzkaller", 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7373 attached [pid 7372] <... memfd_create resumed>) = 3 executing program executing program [pid 7372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 ./strace-static-x86_64: Process 7374 attached [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 281 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 278 [pid 7373] set_robust_list(0x55557616a6a0, 24 [pid 7374] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7373] <... set_robust_list resumed>) = 0 [pid 7374] chdir("./135" [pid 7373] chdir("./134") = 0 [pid 7373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7373] setpgid(0, 0) = 0 [pid 7373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7374] <... chdir resumed>) = 0 [pid 7373] <... openat resumed>) = 3 [pid 7374] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7373] write(3, "1000", 4 [pid 7374] <... prctl resumed>) = 0 [pid 7373] <... write resumed>) = 4 [pid 7374] setpgid(0, 0 [pid 7373] close(3 [pid 7374] <... setpgid resumed>) = 0 [pid 7373] <... close resumed>) = 0 [pid 7374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7373] symlink("/dev/binderfs", "./binderfs" [pid 7374] <... openat resumed>) = 3 [pid 7373] <... symlink resumed>) = 0 [pid 7374] write(3, "1000", 4) = 4 [pid 7374] close(3) = 0 [pid 7373] write(1, "executing program\n", 18 [pid 7374] symlink("/dev/binderfs", "./binderfs" [pid 7373] <... write resumed>) = 18 [pid 7374] <... symlink resumed>) = 0 [pid 7373] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7374] write(1, "executing program\n", 18 [pid 7373] <... futex resumed>) = 0 [pid 7374] <... write resumed>) = 18 [pid 7373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7374] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7373] <... mmap resumed>) = 0x7f701fcf4000 [pid 7374] <... futex resumed>) = 0 [pid 7373] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7373] <... mprotect resumed>) = 0 [pid 7374] <... mmap resumed>) = 0x7f701fcf4000 [pid 7373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7374] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7375 attached [pid 7373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7374] <... clone3 resumed> => {parent_tid=[282]}, 88) = 282 [pid 7373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7374] rt_sigprocmask(SIG_SETMASK, [], [pid 7375] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7373] <... clone3 resumed> => {parent_tid=[279]}, 88) = 279 ./strace-static-x86_64: Process 7376 attached [pid 7375] <... rseq resumed>) = 0 [pid 7374] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7373] rt_sigprocmask(SIG_SETMASK, [], [pid 7375] set_robust_list(0x7f701fd149a0, 24 [pid 7374] <... futex resumed>) = 0 [pid 7373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7373] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7374] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7373] <... futex resumed>) = 0 [pid 7373] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7375] <... set_robust_list resumed>) = 0 [pid 7375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7375] memfd_create("syzkaller", 0) = 3 [pid 7375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7376] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7375] <... mmap resumed>) = 0x7f7017800000 [pid 7376] <... rseq resumed>) = 0 [pid 7376] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7371] <... write resumed>) = 2097152 [pid 7376] memfd_create("syzkaller", 0 [pid 7371] munmap(0x7f7017800000, 138412032 [pid 7376] <... memfd_create resumed>) = 3 [pid 7376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7371] <... munmap resumed>) = 0 [pid 7371] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7375] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7372] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7371] close(3) = 0 [pid 7371] close(4) = 0 [pid 7371] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7371] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 496.044336][ T7371] loop4: detected capacity change from 0 to 4096 [pid 7376] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7372] <... write resumed>) = 2097152 [pid 7372] munmap(0x7f7017800000, 138412032 [pid 7375] <... write resumed>) = 2097152 [pid 7375] munmap(0x7f7017800000, 138412032 [pid 7372] <... munmap resumed>) = 0 [pid 7376] <... write resumed>) = 2097152 [pid 7375] <... munmap resumed>) = 0 [pid 7372] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7371] <... mount resumed>) = 0 [pid 7367] <... futex resumed>) = ? [pid 7375] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7372] <... openat resumed>) = 4 [pid 7371] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7376] munmap(0x7f7017800000, 138412032 [pid 7375] <... openat resumed>) = 4 [pid 7372] ioctl(4, LOOP_SET_FD, 3 [pid 7371] <... openat resumed>) = 3 [pid 7368] +++ killed by SIGSEGV (core dumped) +++ [pid 7367] +++ killed by SIGSEGV (core dumped) +++ [pid 7376] <... munmap resumed>) = 0 [pid 7375] ioctl(4, LOOP_SET_FD, 3 [pid 7371] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7371] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7371] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [pid 7369] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7369] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7376] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7372] <... ioctl resumed>) = 0 [pid 7371] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7376] <... openat resumed>) = 4 [pid 7371] <... openat resumed>) = 4 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=283, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7376] ioctl(4, LOOP_SET_FD, 3 [pid 7371] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... restart_syscall resumed>) = 0 [pid 7371] <... futex resumed>) = 1 [pid 7371] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7369] <... futex resumed>) = 0 [pid 7369] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7371] <... futex resumed>) = 0 [pid 7371] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7372] close(3 [pid 5870] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7372] <... close resumed>) = 0 [pid 7372] close(4 [pid 5870] <... openat resumed>) = 3 [pid 7372] <... close resumed>) = 0 [pid 5870] newfstatat(3, "", [pid 7372] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7369] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7372] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7375] <... ioctl resumed>) = 0 [pid 7376] <... ioctl resumed>) = 0 [pid 7371] <... openat resumed>) = 5 [pid 7376] close(3 [pid 7371] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7371] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7375] close(3 [pid 7369] <... futex resumed>) = 0 [pid 7376] <... close resumed>) = 0 [pid 7375] <... close resumed>) = 0 [pid 7369] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [ 496.147803][ T7372] loop2: detected capacity change from 0 to 4096 [ 496.149749][ T7375] loop3: detected capacity change from 0 to 4096 [ 496.166769][ T7376] loop0: detected capacity change from 0 to 4096 [pid 7376] close(4) = 0 [pid 7375] close(4 [pid 7371] <... futex resumed>) = 0 [pid 7369] <... futex resumed>) = 1 [pid 7371] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7376] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7369] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7375] <... close resumed>) = 0 [pid 7371] <... write resumed>) = 1116 [pid 7371] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7371] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7376] <... mkdir resumed>) = 0 [pid 7375] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7369] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] <... mkdir resumed>) = 0 [pid 7371] <... futex resumed>) = 0 [pid 7375] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7369] <... futex resumed>) = 1 [pid 7376] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7371] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7371] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7371] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7369] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7369] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7371] <... futex resumed>) = 0 [pid 7371] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7369] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7371] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7371] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7369] <... futex resumed>) = 0 [pid 7371] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7369] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] <... mount resumed>) = 0 [pid 7372] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... umount2 resumed>) = 0 [pid 7372] <... openat resumed>) = 3 [pid 5870] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7372] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7372] <... chdir resumed>) = 0 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7372] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7372] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7372] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7372] <... futex resumed>) = 1 [pid 7370] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7372] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", [pid 7375] <... mount resumed>) = 0 [pid 7370] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7372] <... futex resumed>) = 0 [pid 7370] <... futex resumed>) = 1 [pid 5870] getdents64(4, [pid 7372] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7370] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7376] <... mount resumed>) = 0 [pid 5870] getdents64(4, [pid 7376] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7375] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7376] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7375] <... openat resumed>) = 3 [pid 5870] close(4 [pid 7375] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... close resumed>) = 0 [pid 7375] <... chdir resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7375] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7376] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5870] <... rmdir resumed>) = 0 [pid 7376] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7375] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7372] <... openat resumed>) = 4 [pid 7376] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7373] <... futex resumed>) = 0 [pid 7375] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7375] <... futex resumed>) = 1 [pid 7372] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7372] <... futex resumed>) = 1 [pid 5870] newfstatat(AT_FDCWD, "./134/binderfs", [pid 7372] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7374] <... futex resumed>) = 0 [pid 7373] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7374] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7373] <... futex resumed>) = 0 [pid 7370] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] unlink("./134/binderfs" [pid 7375] <... futex resumed>) = 0 [pid 7374] <... futex resumed>) = 1 [pid 7373] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7370] <... futex resumed>) = 1 [pid 7375] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7374] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7372] <... futex resumed>) = 0 [pid 7370] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... unlink resumed>) = 0 [pid 7376] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7372] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 7376] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7376] <... futex resumed>) = 1 [pid 7373] <... futex resumed>) = 0 [pid 7373] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7373] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7376] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5870] rmdir("./134" [pid 7372] <... openat resumed>) = 5 [pid 7376] <... openat resumed>) = 5 [pid 7375] <... openat resumed>) = 4 [pid 7372] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rmdir resumed>) = 0 [pid 7375] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] <... futex resumed>) = 1 [pid 7370] <... futex resumed>) = 0 [pid 5870] mkdir("./135", 0777 [pid 7376] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] <... futex resumed>) = 1 [pid 7372] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7370] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... mkdir resumed>) = 0 [pid 7372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7372] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7376] <... futex resumed>) = 1 [pid 7375] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7374] <... futex resumed>) = 0 [pid 7373] <... futex resumed>) = 0 [pid 7372] <... write resumed>) = 1116 [pid 7370] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7372] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7376] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7374] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7373] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] <... futex resumed>) = 0 [pid 7370] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... ioctl resumed>) = 0 [pid 7372] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] close(3 [pid 7376] <... write resumed>) = 1116 [pid 7375] <... futex resumed>) = 0 [pid 7374] <... futex resumed>) = 1 [pid 7373] <... futex resumed>) = 0 [pid 7370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7374] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7373] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7370] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7376] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7372] <... futex resumed>) = 0 [pid 7370] <... futex resumed>) = 1 [pid 7372] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7376] <... futex resumed>) = 1 [pid 7375] <... openat resumed>) = 5 [pid 7373] <... futex resumed>) = 0 [pid 7372] <... mmap resumed>) = 0x200000000000 [pid 7370] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 7373] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7373] <... futex resumed>) = 0 [pid 7373] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7376] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0./strace-static-x86_64: Process 7377 attached [pid 7372] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7376] <... mmap resumed>) = 0x200000000000 [pid 7372] <... futex resumed>) = 1 [pid 7376] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7376] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7373] <... futex resumed>) = 0 [pid 7377] set_robust_list(0x55557616a6a0, 24 [pid 7373] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7377] <... set_robust_list resumed>) = 0 [pid 7373] <... futex resumed>) = 1 [pid 7376] <... futex resumed>) = 0 [pid 7376] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7376] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7376] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7373] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7370] <... futex resumed>) = 0 [pid 7376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7373] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7370] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7376] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7373] <... futex resumed>) = 0 [pid 7370] <... futex resumed>) = 0 [pid 7370] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7377] chdir("./135" [pid 7375] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 285 [pid 7377] <... chdir resumed>) = 0 [pid 7375] <... futex resumed>) = 1 [pid 7374] <... futex resumed>) = 0 [pid 7372] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7377] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7375] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7374] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7374] <... futex resumed>) = 0 [pid 7377] <... prctl resumed>) = 0 [pid 7374] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7377] setpgid(0, 0 [pid 7375] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7372] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7377] <... setpgid resumed>) = 0 [pid 7375] <... write resumed>) = 1116 [pid 7372] <... futex resumed>) = 1 [pid 7370] <... futex resumed>) = 0 [pid 7375] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7370] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7372] <... futex resumed>) = 0 [pid 7370] <... futex resumed>) = 1 [pid 7372] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7377] <... openat resumed>) = 3 [pid 7375] <... futex resumed>) = 1 [pid 7375] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7374] <... futex resumed>) = 0 [pid 7374] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7374] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7377] write(3, "1000", 4 [pid 7375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7377] <... write resumed>) = 4 [pid 7375] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7377] close(3 [pid 7375] <... mmap resumed>) = 0x200000000000 [pid 7377] <... close resumed>) = 0 [pid 7375] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 7377] symlink("/dev/binderfs", "./binderfs" [pid 7375] <... futex resumed>) = 1 [pid 7374] <... futex resumed>) = 0 [pid 7374] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7377] <... symlink resumed>) = 0 [pid 7374] <... futex resumed>) = 0 [pid 7375] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7377] write(1, "executing program\n", 18 [pid 7375] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7374] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7377] <... write resumed>) = 18 [pid 7377] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7375] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7377] <... futex resumed>) = 0 [pid 7375] <... futex resumed>) = 1 [pid 7374] <... futex resumed>) = 0 [pid 7374] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7374] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7375] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7377] <... mmap resumed>) = 0x7f701fcf4000 [pid 7377] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7378 attached [pid 7378] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7378] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7378] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7377] <... clone3 resumed> => {parent_tid=[286]}, 88) = 286 [pid 7377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7377] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7377] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7378] <... futex resumed>) = 0 [pid 7378] memfd_create("syzkaller", 0) = 3 [pid 7378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7369] <... futex resumed>) = ? [pid 7371] +++ killed by SIGSEGV (core dumped) +++ [pid 7369] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=279, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5872] umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7378] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7378] <... write resumed>) = 2097152 [pid 7378] munmap(0x7f7017800000, 138412032) = 0 [pid 7378] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7378] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... umount2 resumed>) = 0 [pid 7378] <... ioctl resumed>) = 0 [pid 7376] +++ killed by SIGSEGV (core dumped) +++ [pid 7373] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=278, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5872] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7378] close(3 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7378] <... close resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 7378] close(4) = 0 [pid 7378] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7378] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5872] unlink("./134/binderfs") = 0 [pid 5868] umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] close(3) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5872] rmdir("./134") = 0 [pid 5868] newfstatat(3, "", [pid 5872] mkdir("./135", 0777 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5868] getdents64(3, [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] <... openat resumed>) = 3 [pid 5868] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 7372] +++ killed by SIGSEGV (core dumped) +++ [pid 7370] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] close(3 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=278, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5869] umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [ 496.587822][ T7378] loop1: detected capacity change from 0 to 4096 [pid 5869] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 281 ./strace-static-x86_64: Process 7379 attached executing program [pid 7379] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7379] chdir("./135") = 0 [pid 7379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7379] setpgid(0, 0) = 0 [pid 7379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7379] write(3, "1000", 4) = 4 [pid 7379] close(3) = 0 [pid 7379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7379] write(1, "executing program\n", 18) = 18 [pid 7379] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7379] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7380 attached => {parent_tid=[282]}, 88) = 282 [pid 7378] <... mount resumed>) = 0 [pid 7374] <... futex resumed>) = ? [pid 7379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7379] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7378] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7379] <... futex resumed>) = 0 [pid 7378] <... openat resumed>) = 3 [pid 7379] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7380] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7378] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7378] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7380] <... rseq resumed>) = 0 [pid 7378] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7380] set_robust_list(0x7f701fd149a0, 24 [pid 7378] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7377] <... futex resumed>) = 0 [pid 7377] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7380] <... set_robust_list resumed>) = 0 [pid 7378] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7377] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7380] memfd_create("syzkaller", 0) = 3 [pid 7375] +++ killed by SIGSEGV (core dumped) +++ [pid 7374] +++ killed by SIGSEGV (core dumped) +++ [pid 7380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=281, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5868] <... umount2 resumed>) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5868] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7380] <... mmap resumed>) = 0x7f7017800000 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... restart_syscall resumed>) = 0 [pid 5868] <... openat resumed>) = 4 [pid 7378] <... openat resumed>) = 4 [pid 5869] <... umount2 resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 5871] umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] getdents64(4, [pid 5871] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7378] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7377] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5868] getdents64(4, [pid 7378] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7377] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7377] <... futex resumed>) = 0 [pid 7378] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7377] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] newfstatat(3, "", [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] close(4 [pid 5871] getdents64(3, [pid 5868] <... close resumed>) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] rmdir("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... rmdir resumed>) = 0 [pid 5868] umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./134/binderfs") = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 5868] rmdir("./134" [pid 7378] <... openat resumed>) = 5 [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./135", 0777) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... openat resumed>) = 3 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] ioctl(3, LOOP_CLR_FD [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 5868] close(3 [pid 7378] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] umount2("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7378] <... futex resumed>) = 1 [pid 7377] <... futex resumed>) = 0 [pid 5869] <... openat resumed>) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7378] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7377] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x33\x34\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./134/binderfs", [pid 7380] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7377] <... futex resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7378] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7377] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] unlink("./134/binderfs" [pid 7378] <... write resumed>) = 1116 [pid 5869] <... unlink resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./134") = 0 [pid 5869] mkdir("./135", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 280 [pid 5869] close(3./strace-static-x86_64: Process 7381 attached [pid 7381] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7378] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7381] chdir("./135" [pid 7378] <... futex resumed>) = 1 [pid 7377] <... futex resumed>) = 0 [pid 7381] <... chdir resumed>) = 0 [pid 7378] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7377] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7381] setpgid(0, 0 [pid 7378] <... mmap resumed>) = 0x200000000000 [pid 7377] <... futex resumed>) = 0 [pid 7381] <... setpgid resumed>) = 0 [pid 7381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7378] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7377] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7378] <... futex resumed>) = 0 [pid 7381] <... openat resumed>) = 3 [pid 7378] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7381] write(3, "1000", 4 [pid 7378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7377] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7381] <... write resumed>) = 4 [pid 7381] close(3executing program ) = 0 [pid 7378] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7377] <... futex resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 7381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7381] write(1, "executing program\n", 18) = 18 [pid 7381] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7380] <... write resumed>) = 2097152 [pid 7378] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7377] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = 0 [pid 7378] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7381] <... futex resumed>) = 0 [pid 7381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7381] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[281]}, 88) = 281 [pid 7381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7381] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7381] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7382 attached [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7380] munmap(0x7f7017800000, 138412032 [pid 7378] <... futex resumed>) = 1 [pid 7377] <... futex resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7378] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7377] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7382] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7382] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7382] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7382] memfd_create("syzkaller", 0 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 280 [pid 5871] <... openat resumed>) = 4 [pid 7382] <... memfd_create resumed>) = 3 [pid 7382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 ./strace-static-x86_64: Process 7383 attached [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7383] set_robust_list(0x55557616a6a0, 24 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4 [pid 7383] <... set_robust_list resumed>) = 0 [pid 7380] <... munmap resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 7383] chdir("./135" [pid 5871] rmdir("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7383] <... chdir resumed>) = 0 [pid 7380] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7383] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7383] <... prctl resumed>) = 0 [pid 7380] <... openat resumed>) = 4 [pid 5871] newfstatat(AT_FDCWD, "./135/binderfs", [pid 7383] setpgid(0, 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7383] <... setpgid resumed>) = 0 [pid 7380] ioctl(4, LOOP_SET_FD, 3 [pid 5871] unlink("./135/binderfs" [pid 7383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... unlink resumed>) = 0 [pid 7383] <... openat resumed>) = 3 [pid 5871] getdents64(3, [pid 7382] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7383] write(3, "1000", 4 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./135") = 0 [pid 5871] mkdir("./136", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7383] <... write resumed>) = 4 [pid 7380] <... ioctl resumed>) = 0 [pid 5871] <... ioctl resumed>) = 0 [pid 7383] close(3 [pid 7380] close(3 [pid 7383] <... close resumed>) = 0 [pid 7380] <... close resumed>) = 0 [pid 5871] close(3 [pid 7383] symlink("/dev/binderfs", "./binderfs" [pid 7380] close(4 [pid 7383] <... symlink resumed>) = 0 executing program [pid 7383] write(1, "executing program\n", 18) = 18 [pid 7383] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7380] <... close resumed>) = 0 [pid 7383] <... futex resumed>) = 0 [pid 7380] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7383] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7382] <... write resumed>) = 2097152 [pid 7383] <... mprotect resumed>) = 0 [pid 7380] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7384 attached [pid 7384] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7383] <... clone3 resumed> => {parent_tid=[281]}, 88) = 281 [ 496.881221][ T7380] loop4: detected capacity change from 0 to 4096 [pid 7382] munmap(0x7f7017800000, 138412032 [pid 5871] <... close resumed>) = 0 [pid 7384] set_robust_list(0x7f701fd149a0, 24 [pid 7383] rt_sigprocmask(SIG_SETMASK, [], [pid 7382] <... munmap resumed>) = 0 [pid 7384] <... set_robust_list resumed>) = 0 [pid 7383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7382] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7384] rt_sigprocmask(SIG_SETMASK, [], [pid 7383] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7382] <... openat resumed>) = 4 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7383] <... futex resumed>) = 0 [pid 7382] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 7385 attached [pid 7384] memfd_create("syzkaller", 0 [pid 7383] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 283 [pid 7385] set_robust_list(0x55557616a6a0, 24 [pid 7384] <... memfd_create resumed>) = 3 executing program [pid 7384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7385] <... set_robust_list resumed>) = 0 [pid 7385] chdir("./136") = 0 [pid 7385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7385] setpgid(0, 0 [pid 7384] <... mmap resumed>) = 0x7f7017800000 [pid 7385] <... setpgid resumed>) = 0 [pid 7385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7385] write(3, "1000", 4) = 4 [pid 7385] close(3) = 0 [pid 7385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7385] write(1, "executing program\n", 18) = 18 [pid 7385] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7385] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[284]}, 88) = 284 ./strace-static-x86_64: Process 7386 attached [pid 7385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7382] <... ioctl resumed>) = 0 [pid 7385] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7385] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7386] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7382] close(3 [pid 7386] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7386] memfd_create("syzkaller", 0 [pid 7382] <... close resumed>) = 0 [pid 7386] <... memfd_create resumed>) = 3 [pid 7386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7382] close(4) = 0 [pid 7382] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 496.958128][ T7382] loop0: detected capacity change from 0 to 4096 [pid 7382] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7380] <... mount resumed>) = 0 [pid 7380] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7380] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7380] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7380] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7379] <... futex resumed>) = 0 [pid 7380] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7379] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7379] <... futex resumed>) = 0 [pid 7380] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7379] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7380] <... openat resumed>) = 4 [pid 7384] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7380] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7379] <... futex resumed>) = 0 [pid 7379] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7380] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7379] <... futex resumed>) = 0 [pid 7379] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7380] <... openat resumed>) = 5 [pid 7380] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7379] <... futex resumed>) = 0 [pid 7379] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7379] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7380] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7380] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7379] <... futex resumed>) = 0 [pid 7386] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7380] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7379] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7380] <... mmap resumed>) = 0x200000000000 [pid 7379] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7380] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7379] <... futex resumed>) = 0 [pid 7380] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7379] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7379] <... futex resumed>) = 0 [pid 7380] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7379] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7380] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7380] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7379] <... futex resumed>) = 0 [pid 7377] <... futex resumed>) = ? [pid 7380] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7379] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7379] <... futex resumed>) = 0 [pid 7380] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7379] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7378] +++ killed by SIGSEGV (core dumped) +++ [pid 7377] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=285, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=13 /* 0.13 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5870] umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7384] <... write resumed>) = 2097152 [pid 7384] munmap(0x7f7017800000, 138412032 [pid 7382] <... mount resumed>) = 0 [pid 7382] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7386] <... write resumed>) = 2097152 [pid 7384] <... munmap resumed>) = 0 [pid 7382] <... openat resumed>) = 3 [pid 7386] munmap(0x7f7017800000, 138412032 [pid 7382] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7386] <... munmap resumed>) = 0 [pid 7382] <... chdir resumed>) = 0 [pid 7384] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7386] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7384] <... openat resumed>) = 4 [pid 7382] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7384] ioctl(4, LOOP_SET_FD, 3 [pid 7382] <... futex resumed>) = 1 [pid 7382] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7381] <... futex resumed>) = 0 [pid 7381] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7381] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7382] <... futex resumed>) = 0 [pid 7382] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7386] <... openat resumed>) = 4 [pid 7386] ioctl(4, LOOP_SET_FD, 3 [pid 7382] <... openat resumed>) = 4 [pid 7382] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7382] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7381] <... futex resumed>) = 0 [pid 7381] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7382] <... futex resumed>) = 0 [pid 7382] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7381] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7384] <... ioctl resumed>) = 0 [pid 7384] close(3) = 0 [pid 7382] <... openat resumed>) = 5 [pid 7384] close(4) = 0 [pid 7384] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7382] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7381] <... futex resumed>) = 0 [pid 7382] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7381] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7382] <... write resumed>) = 1116 [pid 7381] <... futex resumed>) = 0 [pid 7382] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7384] <... mkdir resumed>) = 0 [pid 7381] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7384] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7382] <... futex resumed>) = 0 [pid 7381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7381] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7382] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7381] <... futex resumed>) = 0 [pid 7382] <... mmap resumed>) = 0x200000000000 [pid 7381] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7382] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7381] <... futex resumed>) = 0 [pid 7381] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7381] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7386] <... ioctl resumed>) = 0 [pid 7382] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7386] close(3 [pid 7382] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7386] <... close resumed>) = 0 [pid 7382] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7386] close(4 [pid 7382] <... futex resumed>) = 1 [pid 7381] <... futex resumed>) = 0 [pid 7386] <... close resumed>) = 0 [pid 7382] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7381] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7386] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [ 497.121668][ T7384] loop2: detected capacity change from 0 to 4096 [ 497.131057][ T7386] loop3: detected capacity change from 0 to 4096 [pid 7386] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./135/binderfs" [pid 7384] <... mount resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7384] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7384] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] close(3 [pid 7384] <... chdir resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 7384] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] rmdir("./135" [pid 7384] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7384] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7383] <... futex resumed>) = 0 [pid 7383] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7383] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7384] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./136", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7384] <... openat resumed>) = 4 [pid 7379] <... futex resumed>) = ? [pid 7380] +++ killed by SIGSEGV (core dumped) +++ [pid 7379] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=281, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 7384] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7383] <... futex resumed>) = 0 [pid 7384] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7383] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7383] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 7386] <... mount resumed>) = 0 [pid 7384] <... openat resumed>) = 5 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7384] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7386] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7384] <... futex resumed>) = 1 [pid 7383] <... futex resumed>) = 0 [pid 7386] <... openat resumed>) = 3 [pid 7384] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7383] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7386] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7384] <... write resumed>) = 1116 [pid 7383] <... futex resumed>) = 0 [pid 7386] <... chdir resumed>) = 0 [pid 7384] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7383] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7386] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7384] <... futex resumed>) = 0 [pid 7383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7386] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7384] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7383] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7386] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7384] <... mmap resumed>) = 0x200000000000 [pid 7383] <... futex resumed>) = 0 [pid 7386] <... futex resumed>) = 1 [pid 7384] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7383] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7386] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7384] <... futex resumed>) = 0 [pid 7383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7384] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7383] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7384] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7383] <... futex resumed>) = 0 [pid 7384] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7383] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7385] <... futex resumed>) = 0 [pid 7384] <... futex resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7385] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7384] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7383] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7384] <... futex resumed>) = 0 [pid 7383] <... futex resumed>) = 1 [pid 7384] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7383] ???( [pid 7386] <... futex resumed>) = 0 [pid 7385] <... futex resumed>) = 1 ./strace-static-x86_64: Process 7387 attached [pid 7386] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7387] set_robust_list(0x55557616a6a0, 24 [pid 7385] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 287 [pid 7387] <... set_robust_list resumed>) = 0 [pid 7387] chdir("./136") = 0 [pid 7387] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7386] <... openat resumed>) = 4 [pid 7387] <... prctl resumed>) = 0 [pid 7386] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7387] setpgid(0, 0 [pid 7386] <... futex resumed>) = 1 [pid 7385] <... futex resumed>) = 0 [pid 7385] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7386] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7385] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7387] <... setpgid resumed>) = 0 [pid 7387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7386] <... openat resumed>) = 5 [pid 7386] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7386] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7387] <... openat resumed>) = 3 [pid 7385] <... futex resumed>) = 0 [pid 7385] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7386] <... futex resumed>) = 0 [pid 7386] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7386] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7386] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7387] write(3, "1000", 4 [pid 7385] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7387] <... write resumed>) = 4 executing program [pid 7387] close(3 [pid 7385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7385] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7387] <... close resumed>) = 0 [pid 7385] <... futex resumed>) = 1 [pid 7387] symlink("/dev/binderfs", "./binderfs" [pid 7385] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7387] <... symlink resumed>) = 0 [pid 7386] <... futex resumed>) = 0 [pid 7387] write(1, "executing program\n", 18 [pid 7386] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7386] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7385] <... futex resumed>) = 0 [pid 7387] <... write resumed>) = 18 [pid 7385] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7387] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7386] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7385] <... futex resumed>) = 0 [pid 7387] <... futex resumed>) = 0 [pid 7386] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7386] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7385] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7387] <... mmap resumed>) = 0x7f701fcf4000 [pid 7385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7387] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7385] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7386] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7387] <... mprotect resumed>) = 0 [pid 7385] <... futex resumed>) = 0 [pid 7387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7381] <... futex resumed>) = ? [pid 5872] <... umount2 resumed>) = 0 [pid 7387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7388 attached [pid 5872] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7388] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7387] <... clone3 resumed> => {parent_tid=[288]}, 88) = 288 [pid 7387] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7387] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7387] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7388] <... rseq resumed>) = 0 [pid 7388] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 5872] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7388] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7382] +++ killed by SIGSEGV (core dumped) +++ [pid 7381] +++ killed by SIGSEGV (core dumped) +++ [pid 7388] memfd_create("syzkaller", 0 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=280, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 5872] getdents64(4, [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 7388] <... memfd_create resumed>) = 3 [pid 5872] rmdir("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./135/binderfs", [pid 7388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7388] <... mmap resumed>) = 0x7f7017800000 [pid 5872] unlink("./135/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./135") = 0 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] mkdir("./136", 0777 [pid 5868] newfstatat(3, "", [pid 5872] <... mkdir resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] getdents64(3, [pid 5872] <... openat resumed>) = 3 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7388] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5872] <... close resumed>) = 0 [pid 7388] munmap(0x7f7017800000, 138412032) = 0 [pid 7388] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7388] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... umount2 resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 283 ./strace-static-x86_64: Process 7389 attached [pid 7389] set_robust_list(0x55557616a6a0, 24 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7389] <... set_robust_list resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7389] chdir("./136" [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7389] <... chdir resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7389] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", [pid 7389] <... prctl resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, [pid 7389] setpgid(0, 0 [pid 7384] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7383] <... ??? resumed>) = ? [pid 7389] <... setpgid resumed>) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 7389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7383] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] rmdir("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7389] <... openat resumed>) = 3 [pid 7386] +++ killed by SIGSEGV (core dumped) +++ [pid 7385] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=280, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5868] <... rmdir resumed>) = 0 [pid 7388] <... ioctl resumed>) = 0 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=283, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5868] umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7389] write(3, "1000", 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./135/binderfs", [pid 7389] <... write resumed>) = 4 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7389] close(3 [pid 5868] unlink("./135/binderfs") = 0 [pid 5869] umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] getdents64(3, [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5869] openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7389] <... close resumed>) = 0 [pid 7389] symlink("/dev/binderfs", "./binderfs" [pid 5869] <... openat resumed>) = 3 [pid 5868] close(3 [pid 7388] close(3) = 0 [pid 7389] <... symlink resumed>) = 0 [pid 7388] close(4 [pid 5869] newfstatat(3, "", [pid 7389] write(1, "executing program\n", 18 [pid 5868] <... close resumed>) = 0 [pid 7388] <... close resumed>) = 0 [pid 7389] <... write resumed>) = 18 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] rmdir("./135" [pid 7389] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] getdents64(3, [pid 7388] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5868] <... rmdir resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7389] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] mkdir("./136", 0777 [pid 7389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7389] <... mmap resumed>) = 0x7f701fcf4000 [pid 5868] <... mkdir resumed>) = 0 [pid 7389] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... openat resumed>) = 3 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7389] <... mprotect resumed>) = 0 [pid 5871] newfstatat(3, "", [pid 5868] <... openat resumed>) = 3 [ 497.509632][ T7388] loop1: detected capacity change from 0 to 4096 [pid 7389] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7389] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] getdents64(3, [pid 5868] <... ioctl resumed>) = 0 [pid 7389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] close(3 [pid 7389] <... clone3 resumed> => {parent_tid=[284]}, 88) = 284 ./strace-static-x86_64: Process 7390 attached [pid 5871] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7390] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7389] rt_sigprocmask(SIG_SETMASK, [], [pid 7390] <... rseq resumed>) = 0 [pid 7390] set_robust_list(0x7f701fd149a0, 24 [pid 7389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... close resumed>) = 0 [pid 7390] <... set_robust_list resumed>) = 0 [pid 7389] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] rt_sigprocmask(SIG_SETMASK, [], [pid 7389] <... futex resumed>) = 0 [pid 7390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7389] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7388] <... mkdir resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7390] memfd_create("syzkaller", 0 [pid 7388] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"..../strace-static-x86_64: Process 7391 attached [pid 7391] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7391] chdir("./136") = 0 [pid 7391] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7390] <... memfd_create resumed>) = 3 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 282 [pid 7390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7391] <... prctl resumed>) = 0 executing program [pid 7391] setpgid(0, 0 [pid 7390] <... mmap resumed>) = 0x7f7017800000 [pid 7391] <... setpgid resumed>) = 0 [pid 7391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7391] write(3, "1000", 4) = 4 [pid 7391] close(3) = 0 [pid 7391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7391] write(1, "executing program\n", 18) = 18 [pid 7391] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7391] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7392 attached [pid 7392] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7391] <... clone3 resumed> => {parent_tid=[283]}, 88) = 283 [pid 7392] <... rseq resumed>) = 0 [pid 7392] set_robust_list(0x7f701fd149a0, 24 [pid 7391] rt_sigprocmask(SIG_SETMASK, [], [pid 7392] <... set_robust_list resumed>) = 0 [pid 7391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7392] rt_sigprocmask(SIG_SETMASK, [], [pid 7391] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7391] <... futex resumed>) = 0 [pid 7392] memfd_create("syzkaller", 0 [pid 7391] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7392] <... memfd_create resumed>) = 3 [pid 7392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5869] <... umount2 resumed>) = 0 [pid 7392] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7390] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... umount2 resumed>) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... openat resumed>) = 4 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5869] newfstatat(4, "", [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] getdents64(4, [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5869] close(4 [pid 5871] newfstatat(4, "", [pid 5869] <... close resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x33\x35\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5871] getdents64(4, [pid 7392] <... write resumed>) = 2097152 [pid 7390] <... write resumed>) = 2097152 [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] getdents64(4, [pid 7392] munmap(0x7f7017800000, 138412032 [pid 7390] munmap(0x7f7017800000, 138412032 [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] close(4 [pid 5869] newfstatat(AT_FDCWD, "./135/binderfs", [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5869] unlink("./135/binderfs" [pid 5871] umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... unlink resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7390] <... munmap resumed>) = 0 [pid 5871] unlink("./136/binderfs" [pid 7392] <... munmap resumed>) = 0 [pid 5869] getdents64(3, [pid 7392] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7390] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7388] <... mount resumed>) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3 [pid 7392] <... openat resumed>) = 4 [pid 5871] close(3 [pid 5869] <... close resumed>) = 0 [pid 7390] <... openat resumed>) = 4 [pid 7388] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7390] ioctl(4, LOOP_SET_FD, 3 [pid 5869] rmdir("./135" [pid 5871] <... close resumed>) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./136", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5871] rmdir("./136" [pid 7388] <... openat resumed>) = 3 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] mkdir("./137", 0777 [pid 7392] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 5869] <... close resumed>) = 0 [pid 7392] <... ioctl resumed>) = 0 [pid 7390] <... ioctl resumed>) = 0 [pid 7388] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5871] <... close resumed>) = 0 [pid 7392] close(3 [pid 7390] close(3 [pid 7388] <... chdir resumed>) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7388] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7392] <... close resumed>) = 0 [pid 7390] <... close resumed>) = 0 [pid 7392] close(4 [pid 7390] close(4 [pid 7388] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 7393 attached [pid 7392] <... close resumed>) = 0 [pid 7390] <... close resumed>) = 0 [pid 7392] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7390] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7392] <... mkdir resumed>) = 0 [pid 7390] <... mkdir resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 282 [pid 7392] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7390] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7393] set_robust_list(0x55557616a6a0, 24 [pid 7388] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] <... set_robust_list resumed>) = 0 [pid 7388] <... futex resumed>) = 1 [pid 7387] <... futex resumed>) = 0 [pid 7387] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7388] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7393] chdir("./136" [pid 7387] <... futex resumed>) = 0 [pid 7393] <... chdir resumed>) = 0 [pid 7388] <... openat resumed>) = 4 [pid 7387] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7388] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7393] <... prctl resumed>) = 0 [pid 7388] <... futex resumed>) = 0 [pid 7387] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] setpgid(0, 0 [pid 7388] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7387] <... futex resumed>) = 0 [pid 7393] <... setpgid resumed>) = 0 [pid 7387] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7394 attached [pid 7393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7394] set_robust_list(0x55557616a6a0, 24) = 0 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 285 [pid 7394] chdir("./137" [pid 7393] <... openat resumed>) = 3 [pid 7388] <... openat resumed>) = 5 [pid 7394] <... chdir resumed>) = 0 [pid 7394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7394] setpgid(0, 0executing program ) = 0 [pid 7393] write(3, "1000", 4 [pid 7388] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7393] <... write resumed>) = 4 [pid 7388] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7387] <... futex resumed>) = 0 [pid 7387] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7393] close(3) = 0 [pid 7388] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7393] symlink("/dev/binderfs", "./binderfs" [pid 7388] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7393] <... symlink resumed>) = 0 [pid 7388] <... futex resumed>) = 0 [pid 7394] <... openat resumed>) = 3 [pid 7393] write(1, "executing program\n", 18 [pid 7388] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7387] <... futex resumed>) = 0 [pid 7394] write(3, "1000", 4 [pid 7393] <... write resumed>) = 18 [pid 7394] <... write resumed>) = 4 executing program [pid 7393] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7394] close(3 [pid 7387] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7394] <... close resumed>) = 0 [pid 7394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7393] <... futex resumed>) = 0 [pid 7387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7394] write(1, "executing program\n", 18) = 18 [pid 7394] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7394] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [ 497.716914][ T7390] loop4: detected capacity change from 0 to 4096 [ 497.737434][ T7392] loop0: detected capacity change from 0 to 4096 [pid 7394] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7390] <... mount resumed>) = 0 [pid 7387] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] <... mmap resumed>) = 0x7f701fcf4000 [pid 7388] <... futex resumed>) = 0 [pid 7387] <... futex resumed>) = 1 [pid 7393] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7388] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7387] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7393] <... mprotect resumed>) = 0 [pid 7388] <... mmap resumed>) = 0x200000000000 [pid 7388] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7390] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7388] <... futex resumed>) = 1 [pid 7387] <... futex resumed>) = 0 [pid 7394] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7393] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7390] <... openat resumed>) = 3 [pid 7394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7390] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7387] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] <... chdir resumed>) = 0 [pid 7390] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7394] <... clone3 resumed> => {parent_tid=[286]}, 88) = 286 [pid 7390] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7394] rt_sigprocmask(SIG_SETMASK, [], [pid 7390] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7390] <... futex resumed>) = 1 [pid 7394] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7394] <... futex resumed>) = 0 [pid 7394] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7389] <... futex resumed>) = 0 [pid 7387] <... futex resumed>) = 0 [pid 7388] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}./strace-static-x86_64: Process 7395 attached [pid 7393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7389] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7388] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7387] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7396 attached [pid 7395] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7390] <... futex resumed>) = 0 [pid 7389] <... futex resumed>) = 1 [pid 7388] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7396] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7395] <... rseq resumed>) = 0 [pid 7393] <... clone3 resumed> => {parent_tid=[283]}, 88) = 283 [pid 7390] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7389] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7388] <... futex resumed>) = 0 [pid 7387] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7396] <... rseq resumed>) = 0 [pid 7395] set_robust_list(0x7f701fd149a0, 24 [pid 7393] rt_sigprocmask(SIG_SETMASK, [], [pid 7388] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7387] <... futex resumed>) = ? [pid 7396] set_robust_list(0x7f701fd149a0, 24 [pid 7395] <... set_robust_list resumed>) = 0 [pid 7393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7393] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7395] rt_sigprocmask(SIG_SETMASK, [], [pid 7393] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7395] memfd_create("syzkaller", 0 [pid 7396] <... set_robust_list resumed>) = 0 [pid 7390] <... openat resumed>) = 4 [pid 7396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7396] memfd_create("syzkaller", 0 [pid 7390] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7395] <... memfd_create resumed>) = 3 [pid 7395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7390] <... futex resumed>) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7389] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7389] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7390] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7396] <... memfd_create resumed>) = 3 [pid 7396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7390] <... openat resumed>) = 5 [pid 7390] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7389] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] <... mount resumed>) = 0 [pid 7389] <... futex resumed>) = 0 [pid 7392] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7389] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7392] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7390] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7392] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] <... write resumed>) = 1116 [pid 7392] <... futex resumed>) = 1 [pid 7391] <... futex resumed>) = 0 [pid 7390] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7391] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] <... futex resumed>) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7391] <... futex resumed>) = 0 [pid 7390] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7389] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7391] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7389] <... futex resumed>) = 0 [pid 7392] <... openat resumed>) = 4 [pid 7390] <... mmap resumed>) = 0x200000000000 [pid 7389] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7392] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7391] <... futex resumed>) = 0 [pid 7392] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7391] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] <... futex resumed>) = 0 [pid 7391] <... futex resumed>) = 1 [pid 7392] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7392] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7391] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7392] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7391] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] <... futex resumed>) = 0 [pid 7391] <... futex resumed>) = 1 [pid 7392] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7391] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7392] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7392] <... futex resumed>) = 0 [pid 7391] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7391] <... futex resumed>) = 0 [pid 7392] <... mmap resumed>) = 0x200000000000 [pid 7390] <... futex resumed>) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7392] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7391] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7392] <... futex resumed>) = 0 [pid 7391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7392] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7391] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7392] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7391] <... futex resumed>) = 0 [pid 7392] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7391] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7392] <... futex resumed>) = 0 [pid 7391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7392] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7391] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7389] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7389] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7390] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7390] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7389] <... futex resumed>) = 0 [pid 7396] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7390] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7389] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7389] <... futex resumed>) = 0 [pid 7390] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7389] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7395] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7396] <... write resumed>) = 2097152 [pid 7396] munmap(0x7f7017800000, 138412032) = 0 [pid 7395] <... write resumed>) = 2097152 [pid 7396] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7396] ioctl(4, LOOP_SET_FD, 3 [pid 7395] munmap(0x7f7017800000, 138412032) = 0 [pid 7395] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7395] ioctl(4, LOOP_SET_FD, 3 [pid 7396] <... ioctl resumed>) = 0 [pid 7396] close(3) = 0 [pid 7396] close(4) = 0 [pid 7396] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7396] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7395] <... ioctl resumed>) = 0 [pid 7395] close(3) = 0 [pid 7395] close(4 [pid 7388] +++ killed by SIGSEGV (core dumped) +++ [pid 7395] <... close resumed>) = 0 [pid 7387] +++ killed by SIGSEGV (core dumped) +++ [pid 7395] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=287, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7395] <... mkdir resumed>) = 0 [pid 7395] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5870] <... restart_syscall resumed>) = 0 [pid 5870] umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [ 497.970957][ T7396] loop2: detected capacity change from 0 to 4096 [ 498.000543][ T7395] loop3: detected capacity change from 0 to 4096 [pid 5870] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7396] <... mount resumed>) = 0 [pid 7391] <... futex resumed>) = ? [pid 7396] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7396] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7396] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7396] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7396] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7393] <... futex resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 7393] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7396] <... futex resumed>) = 0 [pid 7393] <... futex resumed>) = 1 [pid 7392] +++ killed by SIGSEGV (core dumped) +++ [pid 7391] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7396] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7393] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7396] <... openat resumed>) = 4 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=282, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 7396] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7389] <... futex resumed>) = ? [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7396] <... futex resumed>) = 1 [pid 7393] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7393] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7393] <... futex resumed>) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7393] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7396] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7396] <... openat resumed>) = 5 [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", [pid 7396] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7396] <... futex resumed>) = 1 [pid 7393] <... futex resumed>) = 0 [pid 5870] getdents64(4, [pid 7393] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7393] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7396] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7396] <... write resumed>) = 1116 [pid 5870] getdents64(4, [pid 7396] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7396] <... futex resumed>) = 1 [pid 7393] <... futex resumed>) = 0 [pid 5870] close(4 [pid 7396] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7393] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... close resumed>) = 0 [pid 7396] <... mmap resumed>) = 0x200000000000 [pid 7393] <... futex resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7396] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7390] +++ killed by SIGSEGV (core dumped) +++ [pid 7389] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... rmdir resumed>) = 0 [pid 7396] <... futex resumed>) = 0 [pid 7393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7396] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7393] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7396] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7393] <... futex resumed>) = 0 [pid 7396] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7393] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] newfstatat(AT_FDCWD, "./136/binderfs", [pid 7396] <... futex resumed>) = 0 [pid 7393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7396] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7393] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] unlink("./136/binderfs" [pid 7396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7393] <... futex resumed>) = 0 [pid 5870] <... unlink resumed>) = 0 [pid 7396] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7395] <... mount resumed>) = 0 [pid 7393] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=283, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 7395] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5870] getdents64(3, [pid 7395] <... openat resumed>) = 3 [pid 5870] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5870] rmdir("./136" [pid 7395] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5870] <... rmdir resumed>) = 0 [pid 5872] umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7395] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] mkdir("./137", 0777 [pid 5872] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] <... mkdir resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7395] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] newfstatat(3, "", [pid 5870] <... openat resumed>) = 3 [pid 7395] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7395] <... futex resumed>) = 1 [pid 5872] getdents64(3, [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7395] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7394] <... futex resumed>) = 0 [pid 7394] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7394] <... futex resumed>) = 1 [pid 7395] <... futex resumed>) = 0 [pid 7395] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7394] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7395] <... openat resumed>) = 4 [pid 7395] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7397 attached [pid 5868] <... umount2 resumed>) = 0 [pid 7397] set_robust_list(0x55557616a6a0, 24 [pid 7395] <... futex resumed>) = 1 [pid 7394] <... futex resumed>) = 0 [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 289 [pid 7395] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7394] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7394] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7397] <... set_robust_list resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7397] chdir("./137" [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7395] <... openat resumed>) = 5 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7397] <... chdir resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7397] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7397] <... prctl resumed>) = 0 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7397] setpgid(0, 0 [pid 5868] <... openat resumed>) = 4 [pid 7397] <... setpgid resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 7395] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7397] <... openat resumed>) = 3 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, [pid 7397] write(3, "1000", 4 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7397] <... write resumed>) = 4 [pid 7395] <... futex resumed>) = 1 [pid 7394] <... futex resumed>) = 0 [pid 5868] close(4 [pid 7394] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7395] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7394] <... futex resumed>) = 0 [pid 7397] close(3 [pid 5868] <... close resumed>) = 0 [pid 7394] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 7397] <... close resumed>) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7397] symlink("/dev/binderfs", "./binderfs" [pid 5868] <... rmdir resumed>) = 0 [pid 7397] <... symlink resumed>) = 0 [pid 5868] umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7397] write(1, "executing program\n", 18 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7397] <... write resumed>) = 18 [pid 5868] newfstatat(AT_FDCWD, "./136/binderfs", [pid 7397] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7397] <... futex resumed>) = 0 [pid 5868] unlink("./136/binderfs" [pid 7397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] <... unlink resumed>) = 0 [pid 7397] <... mmap resumed>) = 0x7f701fcf4000 [pid 5868] getdents64(3, [pid 7397] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7395] <... write resumed>) = 1116 [pid 5872] <... umount2 resumed>) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7395] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7397] <... mprotect resumed>) = 0 [pid 7395] <... futex resumed>) = 1 [pid 7394] <... futex resumed>) = 0 [pid 5868] close(3 [pid 7397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7395] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7394] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 7397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7394] <... futex resumed>) = 0 [pid 5868] rmdir("./136" [pid 7394] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5868] <... rmdir resumed>) = 0 [pid 5868] mkdir("./137", 0777./strace-static-x86_64: Process 7398 attached [pid 7397] <... clone3 resumed> => {parent_tid=[290]}, 88) = 290 [pid 5868] <... mkdir resumed>) = 0 [pid 7397] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7397] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7397] <... futex resumed>) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 7397] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] close(3 [pid 7398] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7395] <... mmap resumed>) = 0x200000000000 [pid 5872] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7398] <... rseq resumed>) = 0 [pid 7398] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7398] memfd_create("syzkaller", 0) = 3 [pid 7398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7395] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 7395] <... futex resumed>) = 1 [pid 7394] <... futex resumed>) = 0 [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7395] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7394] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7394] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7395] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7394] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7395] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7395] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7399 attached ) = 1 [pid 7394] <... futex resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 7395] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7394] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] newfstatat(4, "", [pid 7394] <... futex resumed>) = 0 [pid 7395] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7394] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 284 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7399] set_robust_list(0x55557616a6a0, 24 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 7399] <... set_robust_list resumed>) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7399] chdir("./137" [pid 5872] <... rmdir resumed>) = 0 [pid 7399] <... chdir resumed>) = 0 [pid 5872] umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7399] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7399] <... prctl resumed>) = 0 [pid 5872] unlink("./136/binderfs" [pid 7398] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7399] setpgid(0, 0 [pid 5872] <... unlink resumed>) = 0 [pid 7399] <... setpgid resumed>) = 0 [pid 5872] getdents64(3, [pid 7399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 7399] <... openat resumed>) = 3 [pid 5872] <... close resumed>) = 0 [pid 7399] write(3, "1000", 4 [pid 5872] rmdir("./136" [pid 7399] <... write resumed>) = 4 [pid 7399] close(3 [pid 7398] <... write resumed>) = 2097152 [pid 5872] <... rmdir resumed>) = 0 [pid 7399] <... close resumed>) = 0 [pid 7398] munmap(0x7f7017800000, 138412032 [pid 5872] mkdir("./137", 0777 [pid 7399] symlink("/dev/binderfs", "./binderfs" [pid 7396] +++ killed by SIGSEGV (core dumped) +++ [pid 7399] <... symlink resumed>) = 0 [pid 7399] write(1, "executing program\n", 18 [pid 5872] <... mkdir resumed>) = 0 [pid 7393] <... futex resumed>) = ? executing program [pid 7399] <... write resumed>) = 18 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7393] +++ killed by SIGSEGV (core dumped) +++ [pid 7399] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... openat resumed>) = 3 [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=282, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 7399] <... futex resumed>) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 7399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5872] <... ioctl resumed>) = 0 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7399] <... mmap resumed>) = 0x7f701fcf4000 [pid 5872] close(3 [pid 7399] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, [pid 7399] <... mprotect resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7399] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7398] <... munmap resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 7399] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7400 attached [pid 7400] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7399] <... clone3 resumed> => {parent_tid=[285]}, 88) = 285 [pid 7398] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7400] <... rseq resumed>) = 0 [pid 7399] rt_sigprocmask(SIG_SETMASK, [], [pid 7398] <... openat resumed>) = 4 [pid 7398] ioctl(4, LOOP_SET_FD, 3 [pid 7400] set_robust_list(0x7f701fd149a0, 24 [pid 7399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7401 attached [pid 7400] <... set_robust_list resumed>) = 0 [pid 7399] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] rt_sigprocmask(SIG_SETMASK, [], [pid 7399] <... futex resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 285 [pid 7400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7399] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7401] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7401] chdir("./137" [pid 7400] memfd_create("syzkaller", 0 [pid 7401] <... chdir resumed>) = 0 [pid 7400] <... memfd_create resumed>) = 3 [pid 7401] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7401] <... prctl resumed>) = 0 [pid 7401] setpgid(0, 0 [pid 7400] <... mmap resumed>) = 0x7f7017800000 [pid 7401] <... setpgid resumed>) = 0 [pid 7401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7401] write(3, "1000", 4) = 4 [pid 7401] close(3) = 0 [pid 7401] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7401] write(1, "executing program\n", 18) = 18 [pid 7401] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7401] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[286]}, 88) = 286 [pid 7401] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7402 attached NULL, 8) = 0 [pid 7401] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7401] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7402] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7398] <... ioctl resumed>) = 0 [pid 7402] set_robust_list(0x7f701fd149a0, 24 [pid 7398] close(3 [pid 7402] <... set_robust_list resumed>) = 0 [pid 7398] <... close resumed>) = 0 [pid 7402] rt_sigprocmask(SIG_SETMASK, [], [pid 7398] close(4 [pid 7402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7398] <... close resumed>) = 0 [pid 7402] memfd_create("syzkaller", 0 [pid 7398] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 7398] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7402] <... memfd_create resumed>) = 3 [pid 7402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [ 498.502353][ T7398] loop1: detected capacity change from 0 to 4096 [pid 5869] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x33\x36\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./136/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./136") = 0 [pid 5869] mkdir("./137", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7400] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... close resumed>) = 0 [pid 7402] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7403 attached [pid 7403] set_robust_list(0x55557616a6a0, 24 [pid 7394] <... futex resumed>) = ? [pid 7403] <... set_robust_list resumed>) = 0 [pid 7403] chdir("./137") = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 284 [pid 7403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7403] setpgid(0, 0) = 0 [pid 7403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 7403] write(3, "1000", 4) = 4 [pid 7403] close(3) = 0 [pid 7403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7403] write(1, "executing program\n", 18) = 18 [pid 7403] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7403] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7403] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7395] +++ killed by SIGSEGV (core dumped) +++ [pid 7394] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=285, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 7403] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7398] <... mount resumed>) = 0 [pid 7403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7398] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 7404 attached ) = 3 [pid 7403] <... clone3 resumed> => {parent_tid=[285]}, 88) = 285 [pid 7398] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7403] rt_sigprocmask(SIG_SETMASK, [], [pid 7398] <... chdir resumed>) = 0 [pid 7403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7398] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7403] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7398] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7403] <... futex resumed>) = 0 [pid 7398] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7403] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7398] <... futex resumed>) = 1 [pid 7397] <... futex resumed>) = 0 [pid 7397] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7398] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7397] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7404] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7404] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7404] rt_sigprocmask(SIG_SETMASK, [], [pid 7400] <... write resumed>) = 2097152 [pid 7404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7398] <... openat resumed>) = 4 [pid 7404] memfd_create("syzkaller", 0 [pid 7398] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7397] <... futex resumed>) = 0 [pid 7397] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7397] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7398] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7404] <... memfd_create resumed>) = 3 [pid 7402] <... write resumed>) = 2097152 [pid 7400] munmap(0x7f7017800000, 138412032 [pid 7404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7402] munmap(0x7f7017800000, 138412032 [pid 5871] umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7400] <... munmap resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7398] <... openat resumed>) = 5 [pid 5871] <... openat resumed>) = 3 [pid 5871] newfstatat(3, "", [pid 7402] <... munmap resumed>) = 0 [pid 7400] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7398] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7400] <... openat resumed>) = 4 [pid 7398] <... futex resumed>) = 1 [pid 7397] <... futex resumed>) = 0 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7402] <... openat resumed>) = 4 [pid 7400] ioctl(4, LOOP_SET_FD, 3 [pid 7398] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7397] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7404] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7402] ioctl(4, LOOP_SET_FD, 3 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7404] <... write resumed>) = 2097152 [pid 7402] <... ioctl resumed>) = 0 [pid 7400] <... ioctl resumed>) = 0 [pid 7398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7397] <... futex resumed>) = 0 [pid 7404] munmap(0x7f7017800000, 138412032 [pid 7402] close(3 [pid 7400] close(3 [pid 7398] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7397] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7402] <... close resumed>) = 0 [pid 7400] <... close resumed>) = 0 [pid 7402] close(4 [pid 7400] close(4 [pid 7398] <... write resumed>) = 1116 [pid 7402] <... close resumed>) = 0 [pid 7400] <... close resumed>) = 0 [pid 7398] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7400] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7398] <... futex resumed>) = 1 [pid 7397] <... futex resumed>) = 0 [pid 7402] <... mkdir resumed>) = 0 [pid 7397] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7400] <... mkdir resumed>) = 0 [pid 7398] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7397] <... futex resumed>) = 0 [pid 7397] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7400] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7398] <... mmap resumed>) = 0x200000000000 [pid 7398] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7397] <... futex resumed>) = 0 [pid 7398] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7397] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7397] <... futex resumed>) = 0 [pid 7398] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7397] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7398] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7398] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7397] <... futex resumed>) = 0 [pid 7398] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7397] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7397] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7398] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7404] <... munmap resumed>) = 0 [pid 7404] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 498.699449][ T7400] loop0: detected capacity change from 0 to 4096 [ 498.706130][ T7402] loop4: detected capacity change from 0 to 4096 [pid 7404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 7404] close(3) = 0 [pid 7404] close(4) = 0 [pid 7404] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7404] <... mkdir resumed>) = 0 [pid 7404] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [ 498.758181][ T7404] loop2: detected capacity change from 0 to 4096 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./137/binderfs") = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7402] <... mount resumed>) = 0 [pid 7400] <... mount resumed>) = 0 [pid 5871] close(3 [pid 7402] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7400] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5871] <... close resumed>) = 0 [pid 5871] rmdir("./137") = 0 [pid 7400] <... openat resumed>) = 3 [pid 5871] mkdir("./138", 0777 [pid 7402] <... openat resumed>) = 3 [pid 5871] <... mkdir resumed>) = 0 [pid 7402] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7400] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7402] <... chdir resumed>) = 0 [pid 7400] <... chdir resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 7402] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7400] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5871] ioctl(3, LOOP_CLR_FD [pid 7402] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7400] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] <... ioctl resumed>) = 0 [pid 5871] close(3 [pid 7402] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7400] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7401] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] <... futex resumed>) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7400] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7401] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7399] <... futex resumed>) = 0 [pid 7399] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7399] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7404] <... mount resumed>) = 0 [pid 7402] <... openat resumed>) = 4 [pid 7400] <... futex resumed>) = 0 [pid 5871] <... close resumed>) = 0 [pid 7404] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7402] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7404] <... openat resumed>) = 3 [pid 7404] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7404] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7402] <... futex resumed>) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7400] <... openat resumed>) = 4 [pid 7404] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7402] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7401] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7405 attached [pid 7404] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... openat resumed>) = 5 [pid 7401] <... futex resumed>) = 0 [pid 7400] <... futex resumed>) = 1 [pid 7399] <... futex resumed>) = 0 [pid 7404] <... futex resumed>) = 1 [pid 7403] <... futex resumed>) = 0 [pid 7402] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7401] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7400] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7404] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7403] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7403] <... futex resumed>) = 0 [pid 7401] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7399] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7403] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7401] <... futex resumed>) = 0 [pid 7401] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7400] <... futex resumed>) = 0 [pid 7399] <... futex resumed>) = 1 [pid 7400] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7399] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7402] <... futex resumed>) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7401] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 7402] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7400] <... openat resumed>) = 5 [pid 7402] <... write resumed>) = 1116 [pid 7400] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7404] <... openat resumed>) = 4 [pid 7402] <... futex resumed>) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7400] <... futex resumed>) = 1 [pid 7399] <... futex resumed>) = 0 [pid 7405] set_robust_list(0x55557616a6a0, 24 [pid 7402] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7401] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7399] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] <... set_robust_list resumed>) = 0 [pid 7404] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... mmap resumed>) = 0x200000000000 [pid 7401] <... futex resumed>) = 0 [pid 7400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7399] <... futex resumed>) = 0 [pid 7405] chdir("./138" [pid 7404] <... futex resumed>) = 1 [pid 7403] <... futex resumed>) = 0 [pid 7402] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7401] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7400] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7399] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 287 [pid 7405] <... chdir resumed>) = 0 [pid 7404] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7403] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... futex resumed>) = 0 [pid 7401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7400] <... write resumed>) = 1116 [pid 7397] <... futex resumed>) = ? [pid 7405] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7403] <... futex resumed>) = 0 [pid 7401] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7405] <... prctl resumed>) = 0 [pid 7403] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7401] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7405] setpgid(0, 0 [pid 7400] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] <... setpgid resumed>) = 0 [pid 7400] <... futex resumed>) = 1 [pid 7399] <... futex resumed>) = 0 [pid 7399] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7400] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7399] <... futex resumed>) = 0 [pid 7405] <... openat resumed>) = 3 [pid 7402] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7400] <... mmap resumed>) = 0x200000000000 [pid 7399] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7398] +++ killed by SIGSEGV (core dumped) +++ [pid 7397] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=289, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 7404] <... openat resumed>) = 5 [pid 7405] write(3, "1000", 4 [pid 7404] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7400] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] <... write resumed>) = 4 [pid 7404] <... futex resumed>) = 1 [pid 7403] <... futex resumed>) = 0 [pid 7402] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] <... futex resumed>) = 1 [pid 7399] <... futex resumed>) = 0 [pid 7405] close(3 [pid 7404] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7403] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7402] <... futex resumed>) = 1 [pid 7401] <... futex resumed>) = 0 [pid 7400] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7399] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] <... close resumed>) = 0 [pid 7404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7403] <... futex resumed>) = 0 [pid 7402] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7401] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7399] <... futex resumed>) = 0 [pid 7405] symlink("/dev/binderfs", "./binderfs" [pid 7404] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7403] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7401] <... futex resumed>) = 0 [pid 7400] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7399] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7405] <... symlink resumed>) = 0 [pid 7402] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7401] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7400] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7405] write(1, "executing program\n", 18 [pid 7404] <... write resumed>) = 1116 [pid 7400] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 7405] <... write resumed>) = 18 [pid 7404] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] <... futex resumed>) = 1 [pid 7399] <... futex resumed>) = 0 [pid 5870] <... openat resumed>) = 3 [pid 7405] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7404] <... futex resumed>) = 1 [pid 7403] <... futex resumed>) = 0 [pid 7400] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7399] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] newfstatat(3, "", [pid 7405] <... futex resumed>) = 0 [pid 7404] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7403] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7399] <... futex resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7404] <... mmap resumed>) = 0x200000000000 [pid 7403] <... futex resumed>) = 0 [pid 7400] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7399] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] getdents64(3, [pid 7405] <... mmap resumed>) = 0x7f701fcf4000 [pid 7403] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7405] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7404] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7405] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7404] <... futex resumed>) = 1 [pid 7403] <... futex resumed>) = 0 [pid 7405] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7404] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7403] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7406 attached [pid 7404] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7403] <... futex resumed>) = 0 [pid 7406] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7405] <... clone3 resumed> => {parent_tid=[288]}, 88) = 288 [pid 7404] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7403] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7406] <... rseq resumed>) = 0 [pid 7405] rt_sigprocmask(SIG_SETMASK, [], [pid 7404] <... futex resumed>) = 0 [pid 7403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7406] set_robust_list(0x7f701fd149a0, 24 [pid 7405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7404] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7403] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7406] <... set_robust_list resumed>) = 0 [pid 7405] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7403] <... futex resumed>) = 0 [pid 7405] <... futex resumed>) = 0 [pid 7404] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7403] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7405] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7406] memfd_create("syzkaller", 0) = 3 [pid 5870] <... umount2 resumed>) = 0 [pid 7406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7406] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5870] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7406] <... write resumed>) = 2097152 [pid 7401] <... futex resumed>) = ? [pid 5870] newfstatat(4, "", [pid 7406] munmap(0x7f7017800000, 138412032 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4 [pid 7406] <... munmap resumed>) = 0 [pid 7402] +++ killed by SIGSEGV (core dumped) +++ [pid 7401] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... close resumed>) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=285, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5870] <... rmdir resumed>) = 0 [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 5870] umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./137/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3 [pid 7406] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... close resumed>) = 0 [pid 7406] <... openat resumed>) = 4 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5870] rmdir("./137" [pid 7406] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... rmdir resumed>) = 0 [pid 5870] mkdir("./138", 0777 [pid 5872] umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] <... mkdir resumed>) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5872] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5870] <... openat resumed>) = 3 [pid 5872] <... openat resumed>) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 5872] newfstatat(3, "", [pid 5870] <... ioctl resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] close(3 [pid 7406] <... ioctl resumed>) = 0 [pid 5872] getdents64(3, [pid 7406] close(3) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7406] close(4) = 0 [pid 5872] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7406] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5870] <... close resumed>) = 0 [pid 7406] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 499.098522][ T7406] loop3: detected capacity change from 0 to 4096 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557616a690) = 291 ./strace-static-x86_64: Process 7407 attached [pid 7407] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7407] chdir("./138") = 0 [pid 7407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7407] setpgid(0, 0) = 0 [pid 7407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7407] write(3, "1000", 4) = 4 [pid 7407] close(3) = 0 [pid 7407] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7407] write(1, "executing program\n", 18) = 18 [pid 7407] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7407] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7408 attached => {parent_tid=[292]}, 88) = 292 [pid 7407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7408] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7408] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7407] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] memfd_create("syzkaller", 0 [pid 7407] <... futex resumed>) = 0 [pid 7407] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7403] <... futex resumed>) = ? [pid 7408] <... memfd_create resumed>) = 3 [pid 7408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7406] <... mount resumed>) = 0 [pid 7406] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7404] +++ killed by SIGSEGV (core dumped) +++ [pid 7403] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=284, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 7406] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5869] umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", [pid 7406] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7406] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] getdents64(3, [pid 7406] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7406] <... futex resumed>) = 1 [pid 7405] <... futex resumed>) = 0 [pid 7406] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7405] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7406] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7405] <... futex resumed>) = 0 [pid 7405] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7406] <... openat resumed>) = 4 [pid 5872] <... umount2 resumed>) = 0 [pid 7406] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7406] <... futex resumed>) = 1 [pid 7405] <... futex resumed>) = 0 [pid 7405] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7406] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7405] <... futex resumed>) = 0 [pid 7405] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7406] <... openat resumed>) = 5 [pid 7406] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7406] <... futex resumed>) = 1 [pid 7405] <... futex resumed>) = 0 [pid 7406] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7405] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7405] <... futex resumed>) = 0 [pid 7406] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7405] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7406] <... write resumed>) = 1116 [pid 7406] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7406] <... futex resumed>) = 1 [pid 7405] <... futex resumed>) = 0 [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7405] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7406] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7405] <... futex resumed>) = 0 [pid 5872] <... openat resumed>) = 4 [pid 7405] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7406] <... mmap resumed>) = 0x200000000000 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, [pid 7406] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7406] <... futex resumed>) = 1 [pid 7405] <... futex resumed>) = 0 [pid 5872] getdents64(4, [pid 7406] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7405] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7405] <... futex resumed>) = 0 [pid 5872] close(4 [pid 7406] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7405] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... close resumed>) = 0 [pid 7406] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7399] <... futex resumed>) = ? [pid 5872] rmdir("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7406] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... rmdir resumed>) = 0 [pid 5869] <... umount2 resumed>) = 0 [pid 7406] <... futex resumed>) = 1 [pid 7405] <... futex resumed>) = 0 [pid 5872] umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7400] +++ killed by SIGSEGV (core dumped) +++ [pid 7399] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7405] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] newfstatat(AT_FDCWD, "./137/binderfs", [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=284, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=10 /* 0.10 s */} --- [pid 7405] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 7405] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] unlink("./137/binderfs" [pid 7408] <... write resumed>) = 2097152 [pid 7406] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5872] <... unlink resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... restart_syscall resumed>) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 7408] munmap(0x7f7017800000, 138412032 [pid 5872] <... close resumed>) = 0 [pid 5868] umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7408] <... munmap resumed>) = 0 [pid 5872] rmdir("./137" [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... rmdir resumed>) = 0 [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 5868] openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] mkdir("./138", 0777 [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] <... openat resumed>) = 3 [pid 5872] <... mkdir resumed>) = 0 [pid 5868] newfstatat(3, "", [pid 5869] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] close(4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... close resumed>) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 5868] getdents64(3, [pid 5869] <... rmdir resumed>) = 0 [pid 7408] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5869] umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7408] <... openat resumed>) = 4 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7408] ioctl(4, LOOP_SET_FD, 3 [pid 5869] newfstatat(AT_FDCWD, "./137/binderfs", [pid 5872] <... openat resumed>) = 3 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] ioctl(3, LOOP_CLR_FD [pid 5868] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... ioctl resumed>) = 0 [pid 5869] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7408] <... ioctl resumed>) = 0 [pid 5869] unlink("./137/binderfs") = 0 [pid 5869] getdents64(3, [pid 7408] close(3 [pid 5872] close(3 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7408] <... close resumed>) = 0 [pid 5869] close(3 [pid 7408] close(4 [pid 5869] <... close resumed>) = 0 [pid 7408] <... close resumed>) = 0 [pid 5869] rmdir("./137" [pid 7408] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5869] <... rmdir resumed>) = 0 [pid 7408] <... mkdir resumed>) = 0 [pid 5869] mkdir("./138", 0777 [pid 7408] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] <... mkdir resumed>) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5872] <... close resumed>) = 0 [ 499.319707][ T7408] loop1: detected capacity change from 0 to 4096 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7409 attached , child_tidptr=0x55557616a690) = 287 [pid 7409] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7409] chdir("./138" [pid 5869] <... close resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7409] <... chdir resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7409] setpgid(0, 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7409] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 7410 attached [pid 7409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7409] <... openat resumed>) = 3 [pid 5868] umount2("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7410] set_robust_list(0x55557616a6a0, 24 [pid 7409] write(3, "1000", 4 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7410] <... set_robust_list resumed>) = 0 [pid 7409] <... write resumed>) = 4 [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7410] chdir("./138" [pid 7409] close(3 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 286 [pid 5868] <... openat resumed>) = 4 [pid 7410] <... chdir resumed>) = 0 [pid 7409] <... close resumed>) = 0 [pid 5868] newfstatat(4, "", [pid 7409] symlink("/dev/binderfs", "./binderfs" [pid 7410] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7410] <... prctl resumed>) = 0 [pid 7409] <... symlink resumed>) = 0 [pid 7410] setpgid(0, 0 [pid 7409] write(1, "executing program\n", 18 [pid 5868] getdents64(4, [pid 7410] <... setpgid resumed>) = 0 [pid 7409] <... write resumed>) = 18 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7409] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(4, [pid 7405] <... futex resumed>) = ? [pid 7409] <... futex resumed>) = 0 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5868] close(4) = 0 [pid 7409] <... mmap resumed>) = 0x7f701fcf4000 [pid 5868] rmdir("\x2e\x2f\x31\x33\x37\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7409] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5868] <... rmdir resumed>) = 0 [pid 7409] <... mprotect resumed>) = 0 [pid 5868] umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7410] <... openat resumed>) = 3 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7409] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5868] newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7410] write(3, "1000", 4) = 4 [pid 7409] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7406] +++ killed by SIGSEGV (core dumped) +++ [pid 7405] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] unlink("./137/binderfs" [pid 7410] close(3 [pid 7409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=287, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- ./strace-static-x86_64: Process 7411 attached [pid 7410] <... close resumed>) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 5868] <... unlink resumed>) = 0 [pid 7411] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7410] symlink("/dev/binderfs", "./binderfs" [pid 7409] <... clone3 resumed> => {parent_tid=[288]}, 88) = 288 [pid 5871] <... restart_syscall resumed>) = 0 executing program [pid 5868] getdents64(3, [pid 7411] <... rseq resumed>) = 0 [pid 7410] <... symlink resumed>) = 0 [pid 7409] rt_sigprocmask(SIG_SETMASK, [], [pid 7411] set_robust_list(0x7f701fd149a0, 24 [pid 7410] write(1, "executing program\n", 18 [pid 7409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7411] <... set_robust_list resumed>) = 0 [pid 7410] <... write resumed>) = 18 [pid 7409] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] close(3 [pid 7411] rt_sigprocmask(SIG_SETMASK, [], [pid 7410] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7409] <... futex resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 7411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7410] <... futex resumed>) = 0 [pid 7409] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] rmdir("./137" [pid 7411] memfd_create("syzkaller", 0 [pid 7410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... openat resumed>) = 3 [pid 5868] <... rmdir resumed>) = 0 [pid 5871] newfstatat(3, "", [pid 7410] <... mmap resumed>) = 0x7f701fcf4000 [pid 5868] mkdir("./138", 0777 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7411] <... memfd_create resumed>) = 3 [pid 7410] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] getdents64(3, [pid 5868] <... mkdir resumed>) = 0 [pid 7411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7411] <... mmap resumed>) = 0x7f7017800000 [pid 7410] <... mprotect resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... openat resumed>) = 3 [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5868] close(3 [pid 7408] <... mount resumed>) = 0 [pid 7408] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7408] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7408] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7408] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7407] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7407] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 7408] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7407] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7407] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] <... openat resumed>) = 5 [pid 7408] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7407] <... futex resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7407] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7410] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7407] <... futex resumed>) = 0 [pid 7407] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] <... futex resumed>) = 1 [pid 7408] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7410] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7408] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7408] <... futex resumed>) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7407] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7407] <... futex resumed>) = 0 [pid 7408] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7407] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] <... mmap resumed>) = 0x200000000000 [pid 7408] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7407] <... futex resumed>) = 0 [pid 7408] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7407] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7408] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7407] <... futex resumed>) = 0 [pid 7408] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7407] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7408] <... futex resumed>) = 0 [pid 7407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7408] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7407] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7411] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7412 attached [pid 7412] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7412] chdir("./138") = 0 [pid 5871] <... umount2 resumed>) = 0 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 286 ./strace-static-x86_64: Process 7413 attached [pid 7412] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7410] <... clone3 resumed> => {parent_tid=[287]}, 88) = 287 [pid 7412] <... prctl resumed>) = 0 [pid 7410] rt_sigprocmask(SIG_SETMASK, [], [pid 7412] setpgid(0, 0 [pid 7410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7413] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7412] <... setpgid resumed>) = 0 [pid 7410] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7413] <... rseq resumed>) = 0 [pid 7412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7410] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7413] set_robust_list(0x7f701fd149a0, 24 [pid 7412] <... openat resumed>) = 3 [pid 7413] <... set_robust_list resumed>) = 0 [pid 7412] write(3, "1000", 4 [pid 7413] rt_sigprocmask(SIG_SETMASK, [], [pid 7412] <... write resumed>) = 4 [pid 7413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7412] close(3 [pid 7413] memfd_create("syzkaller", 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7412] <... close resumed>) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7412] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7412] <... symlink resumed>) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 7413] <... memfd_create resumed>) = 3 [pid 7412] write(1, "executing program\n", 18 [pid 5871] <... openat resumed>) = 4 [pid 7413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7412] <... write resumed>) = 18 [pid 7413] <... mmap resumed>) = 0x7f7017800000 [pid 7412] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] newfstatat(4, "", [pid 7412] <... mmap resumed>) = 0x7f701fcf4000 [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, [pid 7412] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7412] <... mprotect resumed>) = 0 [pid 7412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7411] <... write resumed>) = 2097152 [pid 5871] getdents64(4, [pid 7412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5871] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 7411] munmap(0x7f7017800000, 138412032 [pid 5871] rmdir("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38"./strace-static-x86_64: Process 7414 attached [pid 7412] <... clone3 resumed> => {parent_tid=[287]}, 88) = 287 [pid 5871] <... rmdir resumed>) = 0 [pid 7414] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7412] rt_sigprocmask(SIG_SETMASK, [], [pid 7411] <... munmap resumed>) = 0 [pid 5871] umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7414] <... rseq resumed>) = 0 [pid 7412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7414] set_robust_list(0x7f701fd149a0, 24 [pid 7412] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] newfstatat(AT_FDCWD, "./138/binderfs", [pid 7414] <... set_robust_list resumed>) = 0 [pid 7412] <... futex resumed>) = 0 [pid 7411] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5871] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7414] rt_sigprocmask(SIG_SETMASK, [], [pid 7412] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7411] <... openat resumed>) = 4 [pid 5871] unlink("./138/binderfs" [pid 7414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7411] ioctl(4, LOOP_SET_FD, 3 [pid 7414] memfd_create("syzkaller", 0 [pid 5871] <... unlink resumed>) = 0 [pid 7414] <... memfd_create resumed>) = 3 [pid 7414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 5871] rmdir("./138") = 0 [pid 5871] mkdir("./139", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7411] <... ioctl resumed>) = 0 [pid 7413] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7411] close(3 [pid 5871] <... close resumed>) = 0 [pid 7411] <... close resumed>) = 0 [pid 7411] close(4) = 0 [pid 7411] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7411] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7415 attached [pid 7415] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 289 [pid 7415] <... set_robust_list resumed>) = 0 [ 499.586727][ T7411] loop4: detected capacity change from 0 to 4096 [pid 7415] chdir("./139" [pid 7414] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7415] <... chdir resumed>) = 0 [pid 7415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7415] setpgid(0, 0) = 0 [pid 7413] <... write resumed>) = 2097152 [pid 7415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7415] write(3, "1000", 4) = 4 [pid 7415] close(3) = 0 [pid 7415] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7415] write(1, "executing program\n", 18) = 18 [pid 7413] munmap(0x7f7017800000, 138412032 [pid 7415] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7415] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7413] <... munmap resumed>) = 0 [pid 7415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7413] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 7416 attached ) = 4 [pid 7413] ioctl(4, LOOP_SET_FD, 3 [pid 7415] <... clone3 resumed> => {parent_tid=[290]}, 88) = 290 [pid 7416] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7415] rt_sigprocmask(SIG_SETMASK, [], [pid 7416] set_robust_list(0x7f701fd149a0, 24 [pid 7415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7416] <... set_robust_list resumed>) = 0 [pid 7415] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7416] memfd_create("syzkaller", 0 [pid 7415] <... futex resumed>) = 0 [pid 7407] <... futex resumed>) = ? [pid 7415] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7414] <... write resumed>) = 2097152 [pid 7416] <... memfd_create resumed>) = 3 [pid 7414] munmap(0x7f7017800000, 138412032 [pid 7408] +++ killed by SIGSEGV (core dumped) +++ [pid 7407] +++ killed by SIGSEGV (core dumped) +++ [pid 7416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=291, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7416] <... mmap resumed>) = 0x7f7017800000 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5870] umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", [pid 7413] <... ioctl resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7411] <... mount resumed>) = 0 [pid 7411] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7411] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7411] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7411] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7413] close(3 [pid 7409] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7409] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7414] <... munmap resumed>) = 0 [pid 7413] <... close resumed>) = 0 [pid 7413] close(4 [pid 7414] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7413] <... close resumed>) = 0 [pid 7413] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7414] <... openat resumed>) = 4 [pid 7413] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7411] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7414] ioctl(4, LOOP_SET_FD, 3 [pid 7411] <... openat resumed>) = 4 [pid 7414] <... ioctl resumed>) = 0 [pid 7411] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7414] close(3 [pid 7411] <... futex resumed>) = 1 [pid 7411] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7414] <... close resumed>) = 0 [pid 7409] <... futex resumed>) = 0 [pid 7409] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7411] <... futex resumed>) = 0 [pid 7409] <... futex resumed>) = 1 [pid 7411] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7414] close(4) = 0 [pid 7411] <... openat resumed>) = 5 [pid 7409] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7414] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7416] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7414] <... mkdir resumed>) = 0 [pid 7411] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7409] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7409] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 499.701799][ T7413] loop2: detected capacity change from 0 to 4096 [ 499.741015][ T7414] loop0: detected capacity change from 0 to 4096 [pid 7411] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7414] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7411] <... write resumed>) = 1116 [pid 7411] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7409] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7409] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7411] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7411] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7409] <... futex resumed>) = 0 [pid 7409] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7409] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7411] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56}) = -1 EFAULT (Bad address) [pid 7411] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7411] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7409] <... futex resumed>) = 0 [pid 7409] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7411] <... futex resumed>) = 0 [pid 7409] <... futex resumed>) = 1 [pid 7411] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7409] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7416] <... write resumed>) = 2097152 [pid 7413] <... mount resumed>) = 0 [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7413] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7413] <... openat resumed>) = 3 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7413] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... openat resumed>) = 4 [pid 7413] <... chdir resumed>) = 0 [pid 5870] newfstatat(4, "", [pid 7413] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7413] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] getdents64(4, [pid 7413] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7413] <... futex resumed>) = 1 [pid 7410] <... futex resumed>) = 0 [pid 5870] getdents64(4, [pid 7416] munmap(0x7f7017800000, 138412032 [pid 7413] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7410] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7410] <... futex resumed>) = 0 [pid 7410] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7413] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./138/binderfs") = 0 [pid 7416] <... munmap resumed>) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./138") = 0 [pid 5870] mkdir("./139", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7416] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7416] <... openat resumed>) = 4 [pid 5870] <... ioctl resumed>) = 0 [pid 7416] ioctl(4, LOOP_SET_FD, 3 [pid 5870] close(3 [pid 7413] <... openat resumed>) = 4 [pid 7413] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7410] <... futex resumed>) = 0 [pid 7410] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7410] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7413] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7413] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7410] <... futex resumed>) = 0 [pid 7410] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7410] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7413] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7413] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7410] <... futex resumed>) = 0 [pid 7410] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7410] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7416] <... ioctl resumed>) = 0 [pid 7413] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7416] close(3 [pid 7413] <... mmap resumed>) = 0x200000000000 [pid 7416] <... close resumed>) = 0 [pid 7413] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7416] close(4 [pid 7413] <... futex resumed>) = 1 [pid 7410] <... futex resumed>) = 0 [pid 7416] <... close resumed>) = 0 [pid 7413] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7410] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7416] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7413] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7410] <... futex resumed>) = 0 [pid 7413] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7410] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7413] <... futex resumed>) = 0 [pid 7410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7413] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7410] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7416] <... mkdir resumed>) = 0 [pid 7414] <... mount resumed>) = 0 [pid 7416] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [ 499.848700][ T7416] loop3: detected capacity change from 0 to 4096 [pid 7414] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] <... close resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7417 attached [pid 7414] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7417] set_robust_list(0x55557616a6a0, 24 [pid 7414] <... chdir resumed>) = 0 [pid 7417] <... set_robust_list resumed>) = 0 [pid 7414] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7417] chdir("./139" [pid 7414] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 293 [pid 7417] <... chdir resumed>) = 0 [pid 7414] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7414] <... futex resumed>) = 1 [pid 7412] <... futex resumed>) = 0 [pid 7417] setpgid(0, 0 [pid 7414] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7412] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] <... setpgid resumed>) = 0 [pid 7414] <... openat resumed>) = 4 [pid 7412] <... futex resumed>) = 0 [pid 7417] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7412] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7417] <... openat resumed>) = 3 [pid 7417] write(3, "1000", 4 [pid 7414] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] <... write resumed>) = 4 [pid 7417] close(3 [pid 7414] <... futex resumed>) = 1 [pid 7412] <... futex resumed>) = 0 [pid 7417] <... close resumed>) = 0 [pid 7414] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7417] symlink("/dev/binderfs", "./binderfs" [pid 7412] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] <... symlink resumed>) = 0 [pid 7414] <... futex resumed>) = 0 [pid 7412] <... futex resumed>) = 1 [pid 7412] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7417] write(1, "executing program\n", 18 [pid 7414] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 executing program [pid 7417] <... write resumed>) = 18 [pid 7417] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7414] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7412] <... futex resumed>) = 0 [pid 7414] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7412] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7414] <... write resumed>) = 1116 [pid 7412] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7417] <... futex resumed>) = 0 [pid 7414] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7414] <... futex resumed>) = 1 [pid 7412] <... futex resumed>) = 0 [pid 7417] <... mmap resumed>) = 0x7f701fcf4000 [pid 7414] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7412] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7417] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7414] <... mmap resumed>) = 0x200000000000 [pid 7412] <... futex resumed>) = 0 [pid 7417] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7414] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7412] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7417] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7414] <... futex resumed>) = 0 [pid 7412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7414] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7417] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7412] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7418 attached [pid 7414] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7412] <... futex resumed>) = 0 [pid 7417] <... clone3 resumed> => {parent_tid=[294]}, 88) = 294 [pid 7412] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7418] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7417] rt_sigprocmask(SIG_SETMASK, [], [pid 7414] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7418] <... rseq resumed>) = 0 [pid 7417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7414] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7418] set_robust_list(0x7f701fd149a0, 24 [pid 7417] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7418] <... set_robust_list resumed>) = 0 [pid 7417] <... futex resumed>) = 0 [pid 7414] <... futex resumed>) = 1 [pid 7412] <... futex resumed>) = 0 [pid 7418] rt_sigprocmask(SIG_SETMASK, [], [pid 7412] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7417] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7412] <... futex resumed>) = 0 [pid 7414] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7418] memfd_create("syzkaller", 0) = 3 [pid 7418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7409] <... futex resumed>) = ? [pid 7411] +++ killed by SIGSEGV (core dumped) +++ [pid 7409] +++ killed by SIGSEGV (core dumped) +++ [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=287, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5872] restart_syscall(<... resuming interrupted clone ...> [pid 7418] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5872] <... restart_syscall resumed>) = 0 [pid 5872] umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7416] <... mount resumed>) = 0 [pid 7416] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7416] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7416] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7416] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7416] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7415] <... futex resumed>) = 0 [pid 7415] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7416] <... futex resumed>) = 0 [pid 7416] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5872] getdents64(3, [pid 7416] <... openat resumed>) = 4 [pid 7416] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7416] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7415] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7415] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7416] <... futex resumed>) = 0 [pid 7415] <... futex resumed>) = 1 [pid 7416] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7415] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7416] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7415] <... futex resumed>) = 0 [pid 7415] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7415] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7416] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7416] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7415] <... futex resumed>) = 0 [pid 7415] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7415] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7416] <... futex resumed>) = 1 [pid 7416] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7416] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7415] <... futex resumed>) = 0 [pid 7416] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7415] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7416] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7415] <... futex resumed>) = 0 [pid 7416] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7415] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7416] <... futex resumed>) = 0 [pid 7415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7416] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7415] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7415] <... futex resumed>) = 0 [pid 7415] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7416] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7418] <... write resumed>) = 2097152 [pid 7418] munmap(0x7f7017800000, 138412032 [pid 7410] <... futex resumed>) = ? [pid 7418] <... munmap resumed>) = 0 [pid 7418] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7413] +++ killed by SIGSEGV (core dumped) +++ [pid 7410] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=286, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [pid 7418] <... openat resumed>) = 4 [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7418] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... restart_syscall resumed>) = 0 [pid 5869] umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] <... umount2 resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7414] +++ killed by SIGSEGV (core dumped) +++ [pid 7412] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=286, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5868] umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7418] <... ioctl resumed>) = 0 [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7418] close(3) = 0 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] unlink("./138/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./138" [pid 7418] close(4 [pid 5872] <... rmdir resumed>) = 0 [pid 5872] mkdir("./139", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7418] <... close resumed>) = 0 [pid 7418] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5872] <... openat resumed>) = 3 [pid 5869] <... umount2 resumed>) = 0 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7418] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5869] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5869] umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./138/binderfs") = 0 [ 500.130121][ T7418] loop1: detected capacity change from 0 to 4096 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./138") = 0 [pid 5869] mkdir("./139", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5872] <... close resumed>) = 0 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7419 attached , child_tidptr=0x55557616a690) = 289 [pid 7419] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7419] chdir("./139") = 0 [pid 7419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7419] setpgid(0, 0) = 0 [pid 7419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] <... close resumed>) = 0 [pid 7419] write(3, "1000", 4) = 4 [pid 7419] close(3) = 0 [pid 7419] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7419] write(1, "executing program\n", 18) = 18 [pid 7419] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7419] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[290]}, 88) = 290 [pid 7419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7419] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 7420 attached [pid 7419] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7420] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7421 attached [pid 7420] set_robust_list(0x7f701fd149a0, 24 [pid 7418] <... mount resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7420] <... set_robust_list resumed>) = 0 [pid 7418] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 7421] set_robust_list(0x55557616a6a0, 24 [pid 7420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7418] <... openat resumed>) = 3 [pid 7421] <... set_robust_list resumed>) = 0 [pid 7421] chdir("./139" [pid 7420] memfd_create("syzkaller", 0 [pid 7418] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7421] <... chdir resumed>) = 0 [pid 7418] <... chdir resumed>) = 0 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 288 [pid 7421] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7418] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5868] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7421] <... prctl resumed>) = 0 [pid 7420] <... memfd_create resumed>) = 3 [pid 7420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7421] setpgid(0, 0 [pid 7418] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7421] <... setpgid resumed>) = 0 [pid 7418] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7418] <... futex resumed>) = 1 [pid 7417] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7421] <... openat resumed>) = 3 [pid 7418] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7417] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7421] write(3, "1000", 4) = 4 [pid 7417] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7421] close(3 [pid 7417] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7421] <... close resumed>) = 0 [pid 7421] symlink("/dev/binderfs", "./binderfs" [pid 5868] <... openat resumed>) = 4 [pid 5868] newfstatat(4, "", executing program [pid 7421] <... symlink resumed>) = 0 [pid 7418] <... openat resumed>) = 4 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7421] write(1, "executing program\n", 18) = 18 [pid 5868] getdents64(4, [pid 7418] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7421] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7421] <... futex resumed>) = 0 [pid 7418] <... futex resumed>) = 1 [pid 7417] <... futex resumed>) = 0 [pid 7421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7418] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7417] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] getdents64(4, [pid 7421] <... mmap resumed>) = 0x7f701fcf4000 [pid 5868] <... getdents64 resumed>0x555576173890 /* 0 entries */, 32768) = 0 [pid 7421] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7417] <... futex resumed>) = 0 [pid 7421] <... mprotect resumed>) = 0 [pid 7418] <... openat resumed>) = 5 [pid 7417] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] close(4 [pid 7421] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7418] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 7421] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7418] <... futex resumed>) = 1 [pid 5868] rmdir("\x2e\x2f\x31\x33\x38\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7417] <... futex resumed>) = 0 [pid 7417] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7415] <... futex resumed>) = ? [pid 5868] <... rmdir resumed>) = 0 [pid 7421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7418] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7417] <... futex resumed>) = 0 [pid 5868] umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7418] <... write resumed>) = 1116 [pid 7417] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7418] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7417] <... futex resumed>) = 0 [pid 7418] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7417] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] newfstatat(AT_FDCWD, "./138/binderfs", [pid 7417] <... futex resumed>) = 0 [pid 7418] <... mmap resumed>) = 0x200000000000 [pid 7417] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7422 attached [pid 5868] unlink("./138/binderfs") = 0 [pid 7421] <... clone3 resumed> => {parent_tid=[289]}, 88) = 289 [pid 7416] +++ killed by SIGSEGV (core dumped) +++ [pid 7415] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] getdents64(3, [pid 7422] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7421] rt_sigprocmask(SIG_SETMASK, [], [pid 7418] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=289, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5868] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7422] <... rseq resumed>) = 0 [pid 7421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7418] <... futex resumed>) = 1 [pid 7417] <... futex resumed>) = 0 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7422] set_robust_list(0x7f701fd149a0, 24 [pid 7421] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7418] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7417] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] close(3 [pid 7422] <... set_robust_list resumed>) = 0 [pid 7421] <... futex resumed>) = 0 [pid 7417] <... futex resumed>) = 0 [pid 5871] <... restart_syscall resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 7422] rt_sigprocmask(SIG_SETMASK, [], [pid 7421] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7420] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7418] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7417] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] rmdir("./138" [pid 5871] umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7422] memfd_create("syzkaller", 0 [pid 7418] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... rmdir resumed>) = 0 [pid 7422] <... memfd_create resumed>) = 3 [pid 7418] <... futex resumed>) = 1 [pid 7417] <... futex resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] mkdir("./139", 0777 [pid 7422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7418] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7417] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... openat resumed>) = 3 [pid 5868] <... mkdir resumed>) = 0 [pid 7422] <... mmap resumed>) = 0x7f7017800000 [pid 7418] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7417] <... futex resumed>) = 0 [pid 5871] newfstatat(3, "", [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7420] <... write resumed>) = 2097152 [pid 7418] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7417] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5868] <... openat resumed>) = 3 [pid 7420] munmap(0x7f7017800000, 138412032 [pid 5871] getdents64(3, [pid 5868] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5868] close(3 [pid 5871] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7420] <... munmap resumed>) = 0 [pid 7422] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7420] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7420] ioctl(4, LOOP_SET_FD, 3 [pid 5868] <... close resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7423 attached [pid 7422] <... write resumed>) = 2097152 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 288 [pid 7420] <... ioctl resumed>) = 0 [pid 7423] set_robust_list(0x55557616a6a0, 24 [pid 7422] munmap(0x7f7017800000, 138412032 [pid 5871] <... umount2 resumed>) = 0 [pid 7423] <... set_robust_list resumed>) = 0 [pid 7423] chdir("./139") = 0 [pid 7420] close(3) = 0 [pid 7420] close(4) = 0 [pid 7420] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7420] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5871] <... openat resumed>) = 4 [pid 7423] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7422] <... munmap resumed>) = 0 [pid 5871] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7423] <... prctl resumed>) = 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5871] umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7423] setpgid(0, 0) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5871] unlink("./139/binderfs" [pid 7423] <... openat resumed>) = 3 [pid 5871] <... unlink resumed>) = 0 [pid 7423] write(3, "1000", 4) = 4 [pid 5871] getdents64(3, [pid 7423] close(3 [pid 5871] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 7423] <... close resumed>) = 0 [pid 7423] symlink("/dev/binderfs", "./binderfs" [pid 5871] close(3) = 0 [pid 7423] <... symlink resumed>) = 0 [pid 5871] rmdir("./139"executing program [pid 7423] write(1, "executing program\n", 18 [pid 5871] <... rmdir resumed>) = 0 [pid 7423] <... write resumed>) = 18 [ 500.415642][ T7420] loop4: detected capacity change from 0 to 4096 [pid 7422] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7423] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7422] <... openat resumed>) = 4 [pid 7423] <... futex resumed>) = 0 [pid 7422] ioctl(4, LOOP_SET_FD, 3 [pid 7423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 5871] mkdir("./140", 0777) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7423] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [pid 5871] close(3 [pid 7423] <... mprotect resumed>) = 0 [pid 7423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7425 attached ./strace-static-x86_64: Process 7424 attached [pid 7423] <... clone3 resumed> => {parent_tid=[289]}, 88) = 289 [pid 7422] <... ioctl resumed>) = 0 [pid 7423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7423] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7425] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7423] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7422] close(3 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 291 [pid 7425] <... rseq resumed>) = 0 [pid 7424] set_robust_list(0x55557616a6a0, 24 [pid 7422] <... close resumed>) = 0 [pid 7425] set_robust_list(0x7f701fd149a0, 24 [pid 7424] <... set_robust_list resumed>) = 0 [pid 7425] <... set_robust_list resumed>) = 0 [pid 7425] rt_sigprocmask(SIG_SETMASK, [], [pid 7424] chdir("./140" [pid 7422] close(4 [pid 7425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7425] memfd_create("syzkaller", 0 [pid 7422] <... close resumed>) = 0 [pid 7424] <... chdir resumed>) = 0 [pid 7424] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7422] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7424] <... prctl resumed>) = 0 [pid 7424] setpgid(0, 0) = 0 [pid 7422] <... mkdir resumed>) = 0 [pid 7424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7422] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7424] <... openat resumed>) = 3 [pid 7425] <... memfd_create resumed>) = 3 [pid 7425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7424] write(3, "1000", 4 [pid 7425] <... mmap resumed>) = 0x7f7017800000 [pid 7424] <... write resumed>) = 4 [pid 7424] close(3) = 0 [pid 7424] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7424] write(1, "executing program\n", 18) = 18 [pid 7424] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7420] <... mount resumed>) = 0 [pid 7420] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7420] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7420] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7424] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7420] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7419] <... futex resumed>) = 0 [pid 7419] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7419] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7424] <... mprotect resumed>) = 0 [pid 7420] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7426 attached => {parent_tid=[292]}, 88) = 292 [pid 7424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7424] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7424] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7426] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7426] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 500.487854][ T7422] loop2: detected capacity change from 0 to 4096 [pid 7426] memfd_create("syzkaller", 0 [pid 7420] <... openat resumed>) = 4 [pid 7420] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7419] <... futex resumed>) = 0 [pid 7419] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7419] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7420] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 7426] <... memfd_create resumed>) = 3 [pid 7420] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7419] <... futex resumed>) = 0 [pid 7419] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7419] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7420] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7420] <... write resumed>) = 1116 [pid 7420] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7420] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7419] <... futex resumed>) = 0 [pid 7419] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7419] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7426] <... mmap resumed>) = 0x7f7017800000 [pid 7420] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [pid 7425] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7420] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7419] <... futex resumed>) = 0 [pid 7420] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7419] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7420] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7419] <... futex resumed>) = 0 [pid 7420] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7419] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7420] <... futex resumed>) = 0 [pid 7419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7420] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7419] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7422] <... mount resumed>) = 0 [pid 7422] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7422] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7422] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7422] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7422] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7426] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7425] <... write resumed>) = 2097152 [pid 7421] <... futex resumed>) = 0 [pid 7417] <... futex resumed>) = ? [pid 7421] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7422] <... futex resumed>) = 0 [pid 7422] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7421] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7425] munmap(0x7f7017800000, 138412032) = 0 [pid 7422] <... openat resumed>) = 4 [pid 7418] +++ killed by SIGSEGV (core dumped) +++ [pid 7417] +++ killed by SIGSEGV (core dumped) +++ [pid 7422] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=293, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 7422] <... futex resumed>) = 1 [pid 7421] <... futex resumed>) = 0 [pid 7421] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7422] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7421] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7425] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7422] <... openat resumed>) = 5 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7425] <... openat resumed>) = 4 [pid 7425] ioctl(4, LOOP_SET_FD, 3 [pid 7422] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7421] <... futex resumed>) = 0 [pid 7422] <... futex resumed>) = 1 [pid 7421] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7422] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7426] <... write resumed>) = 2097152 [pid 7425] <... ioctl resumed>) = 0 [pid 7421] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7422] <... write resumed>) = 1116 [pid 7422] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7425] close(3) = 0 [pid 7426] munmap(0x7f7017800000, 138412032 [pid 7425] close(4) = 0 [pid 7422] <... futex resumed>) = 1 [pid 7421] <... futex resumed>) = 0 [pid 7425] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7425] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7426] <... munmap resumed>) = 0 [pid 7422] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7421] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7426] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7422] <... mmap resumed>) = 0x200000000000 [pid 7421] <... futex resumed>) = 0 [pid 7426] <... openat resumed>) = 4 [pid 7422] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7421] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7422] <... futex resumed>) = 0 [pid 7421] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 500.668239][ T7425] loop0: detected capacity change from 0 to 4096 [pid 7422] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7421] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7422] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7426] ioctl(4, LOOP_SET_FD, 3 [pid 7422] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7421] <... futex resumed>) = 0 [pid 7421] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7421] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7422] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 5870] <... umount2 resumed>) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5870] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 5870] rmdir("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5870] umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./139/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./139") = 0 [pid 5870] mkdir("./140", 0777) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5870] ioctl(3, LOOP_CLR_FD) = 0 [pid 5870] close(3 [pid 7426] <... ioctl resumed>) = 0 [pid 7419] <... futex resumed>) = ? [ 500.712803][ T7426] loop3: detected capacity change from 0 to 4096 [pid 5870] <... close resumed>) = 0 [pid 7426] close(3) = 0 [pid 7426] close(4 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7426] <... close resumed>) = 0 ./strace-static-x86_64: Process 7427 attached [pid 7426] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7420] +++ killed by SIGSEGV (core dumped) +++ [pid 7419] +++ killed by SIGSEGV (core dumped) +++ [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 295 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=289, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 7426] <... mkdir resumed>) = 0 [pid 7426] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 5872] umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5872] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5872] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7427] set_robust_list(0x55557616a6a0, 24) = 0 [pid 7427] chdir("./140") = 0 [pid 7427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7427] setpgid(0, 0) = 0 [pid 7427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7427] write(3, "1000", 4 [pid 7425] <... mount resumed>) = 0 [pid 7425] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7425] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7427] <... write resumed>) = 4 [pid 7425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7427] close(3 [pid 7425] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7427] <... close resumed>) = 0 [pid 7425] <... futex resumed>) = 1 [pid 7427] symlink("/dev/binderfs", "./binderfs" [pid 7425] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7427] <... symlink resumed>) = 0 [pid 7423] <... futex resumed>) = 0 executing program [pid 7427] write(1, "executing program\n", 18 [pid 7423] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7427] <... write resumed>) = 18 [pid 7423] <... futex resumed>) = 1 [pid 7427] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7425] <... futex resumed>) = 0 [pid 7427] <... futex resumed>) = 0 [pid 7425] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7423] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7427] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7428 attached => {parent_tid=[296]}, 88) = 296 [pid 7425] <... openat resumed>) = 4 [pid 7428] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7427] rt_sigprocmask(SIG_SETMASK, [], [pid 7425] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7428] <... rseq resumed>) = 0 [pid 7428] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7425] <... futex resumed>) = 1 [pid 7423] <... futex resumed>) = 0 [pid 7428] rt_sigprocmask(SIG_SETMASK, [], [pid 7427] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7425] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7423] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7427] <... futex resumed>) = 0 [pid 7425] <... openat resumed>) = 5 [pid 7423] <... futex resumed>) = 0 [pid 7427] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7425] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7425] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7428] memfd_create("syzkaller", 0 [pid 7423] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7423] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7425] <... futex resumed>) = 0 [pid 7428] <... memfd_create resumed>) = 3 [pid 7423] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7425] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7425] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7423] <... futex resumed>) = 0 [pid 7425] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7423] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7425] <... mmap resumed>) = 0x200000000000 [pid 7423] <... futex resumed>) = 0 [pid 7425] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7423] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7425] <... futex resumed>) = 0 [pid 7423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7425] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7423] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7425] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7423] <... futex resumed>) = 0 [pid 7425] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7423] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7425] <... futex resumed>) = 0 [pid 7423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... umount2 resumed>) = 0 [pid 7425] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7423] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7425] <... futex resumed>) = 0 [pid 7423] <... futex resumed>) = 1 [pid 7425] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7426] <... mount resumed>) = 0 [pid 7426] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7426] <... openat resumed>) = 3 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7426] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 7428] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7426] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5872] rmdir("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./139/binderfs", [pid 7426] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7426] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7426] <... futex resumed>) = 1 [pid 7426] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7424] <... futex resumed>) = 0 [pid 5872] unlink("./139/binderfs" [pid 7424] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... unlink resumed>) = 0 [pid 7424] <... futex resumed>) = 1 [pid 5872] getdents64(3, [pid 7424] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... getdents64 resumed>0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3) = 0 [pid 5872] rmdir("./139") = 0 [pid 5872] mkdir("./140", 0777 [pid 7426] <... futex resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 7426] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7426] <... openat resumed>) = 4 [pid 5872] <... close resumed>) = 0 [pid 7426] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7421] <... futex resumed>) = ? [pid 7426] <... futex resumed>) = 1 [pid 7424] <... futex resumed>) = 0 [pid 7422] +++ killed by SIGSEGV (core dumped) +++ [pid 7424] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7421] +++ killed by SIGSEGV (core dumped) +++ [pid 7426] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7424] <... futex resumed>) = 0 [pid 7424] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=288, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- [pid 5869] restart_syscall(<... resuming interrupted clone ...> [pid 7426] <... openat resumed>) = 5 [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5869] <... restart_syscall resumed>) = 0 [pid 7426] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7424] <... futex resumed>) = 0 [pid 7426] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7424] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7426] <... futex resumed>) = 0 [pid 7424] <... futex resumed>) = 1 [pid 5869] umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7426] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7424] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7426] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7426] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7424] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... openat resumed>) = 3 [pid 7426] <... futex resumed>) = 0 [pid 7424] <... futex resumed>) = 1 [pid 5869] newfstatat(3, "", [pid 7426] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7424] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 7429 attached [pid 7428] <... write resumed>) = 2097152 [pid 7426] <... mmap resumed>) = 0x200000000000 [pid 7429] set_robust_list(0x55557616a6a0, 24 [pid 7428] munmap(0x7f7017800000, 138412032 [pid 7426] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 291 [pid 5869] getdents64(3, [pid 7429] <... set_robust_list resumed>) = 0 [pid 7428] <... munmap resumed>) = 0 [pid 7426] <... futex resumed>) = 0 [pid 7424] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7429] chdir("./140" [pid 7426] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7424] <... futex resumed>) = 0 [pid 5869] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7426] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7424] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7426] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7426] <... futex resumed>) = 0 [pid 7424] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7424] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7426] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7429] <... chdir resumed>) = 0 [pid 7429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7428] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7429] setpgid(0, 0 [pid 7428] <... openat resumed>) = 4 [pid 7429] <... setpgid resumed>) = 0 [pid 7428] ioctl(4, LOOP_SET_FD, 3 [pid 7429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7429] write(3, "1000", 4) = 4 [pid 7429] close(3) = 0 [pid 7429] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7429] write(1, "executing program\n", 18) = 18 [pid 7429] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7429] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[292]}, 88) = 292 [pid 7429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7429] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7430 attached [pid 7428] <... ioctl resumed>) = 0 [pid 7428] close(3) = 0 [pid 7428] close(4) = 0 [pid 7428] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7430] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7428] <... mkdir resumed>) = 0 [pid 7430] <... rseq resumed>) = 0 [pid 7428] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7430] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7430] memfd_create("syzkaller", 0) = 3 [pid 7430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [ 500.982666][ T7428] loop1: detected capacity change from 0 to 4096 [pid 7430] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 5869] <... umount2 resumed>) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 5869] rmdir("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7430] <... write resumed>) = 2097152 [pid 7425] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./139/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./139" [pid 7423] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] <... rmdir resumed>) = 0 [pid 5869] mkdir("./140", 0777 [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=288, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5869] <... mkdir resumed>) = 0 [pid 5868] restart_syscall(<... resuming interrupted clone ...> [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 7430] munmap(0x7f7017800000, 138412032 [pid 5868] <... restart_syscall resumed>) = 0 [pid 5868] umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5868] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7430] <... munmap resumed>) = 0 [pid 7430] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7430] <... openat resumed>) = 4 [pid 7430] ioctl(4, LOOP_SET_FD, 3 [pid 7428] <... mount resumed>) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7428] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7428] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7428] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7428] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7428] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7427] <... futex resumed>) = 0 [pid 7427] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7428] <... futex resumed>) = 0 [pid 7428] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7427] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... close resumed>) = 0 [pid 7430] <... ioctl resumed>) = 0 [pid 7430] close(3) = 0 [pid 7430] close(4) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7430] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7428] <... openat resumed>) = 4 [pid 7430] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7431 attached [pid 7430] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7431] set_robust_list(0x55557616a6a0, 24 [pid 7428] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 290 [pid 7428] <... futex resumed>) = 1 [pid 7427] <... futex resumed>) = 0 [pid 7428] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7427] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7431] <... set_robust_list resumed>) = 0 [pid 7428] <... openat resumed>) = 5 [pid 7427] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7431] chdir("./140") = 0 [pid 7431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7428] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7427] <... futex resumed>) = 0 [pid 7427] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7428] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7427] <... futex resumed>) = 0 [pid 7428] <... write resumed>) = 1116 [pid 7427] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7431] setpgid(0, 0 [pid 7428] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7427] <... futex resumed>) = 0 [pid 7431] <... setpgid resumed>) = 0 [pid 7427] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7427] <... futex resumed>) = 0 [ 501.122711][ T7430] loop4: detected capacity change from 0 to 4096 [pid 7427] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7431] <... openat resumed>) = 3 [pid 7428] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7431] write(3, "1000", 4 [pid 7428] <... mmap resumed>) = 0x200000000000 [pid 7431] <... write resumed>) = 4 [pid 7431] close(3) = 0 [pid 7428] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7431] symlink("/dev/binderfs", "./binderfs" [pid 7428] <... futex resumed>) = 1 [pid 7427] <... futex resumed>) = 0 [pid 7431] <... symlink resumed>) = 0 [pid 7428] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7427] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7427] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7428] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7428] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7427] <... futex resumed>) = 0 [pid 7427] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7427] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7428] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- executing program [pid 7431] write(1, "executing program\n", 18) = 18 [pid 7431] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7431] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[291]}, 88) = 291 [pid 7431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7431] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7431] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7432 attached [pid 5868] <... umount2 resumed>) = 0 [pid 7432] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7432] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7432] memfd_create("syzkaller", 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] openat(AT_FDCWD, "\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5868] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5868] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5868] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5868] close(4) = 0 [pid 5868] rmdir("\x2e\x2f\x31\x33\x39\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5868] umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5868] newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] unlink("./139/binderfs") = 0 [pid 7432] <... memfd_create resumed>) = 3 [pid 5868] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5868] close(3) = 0 [pid 7432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5868] rmdir("./139" [pid 7432] <... mmap resumed>) = 0x7f7017800000 [pid 5868] <... rmdir resumed>) = 0 [pid 7430] <... mount resumed>) = 0 [pid 5868] mkdir("./140", 0777 [pid 7430] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5868] <... mkdir resumed>) = 0 [pid 7430] <... openat resumed>) = 3 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7430] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5868] <... openat resumed>) = 3 [pid 7430] <... chdir resumed>) = 0 [pid 5868] ioctl(3, LOOP_CLR_FD [pid 7430] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5868] <... ioctl resumed>) = 0 [pid 7430] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5868] close(3 [pid 7424] <... futex resumed>) = ? [pid 7426] +++ killed by SIGSEGV (core dumped) +++ [pid 7424] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=291, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7432] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7430] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... restart_syscall resumed>) = 0 [pid 7430] <... futex resumed>) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7429] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7430] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7429] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5871] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7430] <... openat resumed>) = 4 [pid 7430] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... close resumed>) = 0 [pid 7430] <... futex resumed>) = 1 [pid 7429] <... futex resumed>) = 0 [pid 5868] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7429] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7429] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7430] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] <... clone resumed>, child_tidptr=0x55557616a690) = 290 ./strace-static-x86_64: Process 7433 attached [pid 7430] <... openat resumed>) = 5 [pid 7430] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7432] <... write resumed>) = 2097152 [pid 7433] set_robust_list(0x55557616a6a0, 24 [pid 7430] <... futex resumed>) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7433] <... set_robust_list resumed>) = 0 [pid 7430] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7429] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7429] <... futex resumed>) = 0 [pid 7429] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7430] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7433] chdir("./140") = 0 [pid 7430] <... write resumed>) = 1116 [pid 7433] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7430] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7432] munmap(0x7f7017800000, 138412032 [pid 7433] <... prctl resumed>) = 0 [pid 7430] <... futex resumed>) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7429] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7433] setpgid(0, 0 [pid 7430] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7429] <... futex resumed>) = 0 [pid 7429] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7433] <... setpgid resumed>) = 0 [pid 7430] <... mmap resumed>) = 0x200000000000 [pid 7433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7430] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7430] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7433] <... openat resumed>) = 3 [pid 7429] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... umount2 resumed>) = 0 [pid 7433] write(3, "1000", 4) = 4 [pid 7432] <... munmap resumed>) = 0 [pid 7430] <... futex resumed>) = 0 [pid 7429] <... futex resumed>) = 1 [pid 7433] close(3 [pid 7430] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7429] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7433] <... close resumed>) = 0 [pid 7433] symlink("/dev/binderfs", "./binderfs" [pid 7432] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7430] <... ioctl resumed>) = -1 EFAULT (Bad address) executing program [pid 7433] <... symlink resumed>) = 0 [pid 7432] <... openat resumed>) = 4 [pid 7430] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7433] write(1, "executing program\n", 18 [pid 7430] <... futex resumed>) = 1 [pid 7429] <... futex resumed>) = 0 [pid 7433] <... write resumed>) = 18 [pid 7430] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7429] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7433] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7432] ioctl(4, LOOP_SET_FD, 3 [pid 7430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7429] <... futex resumed>) = 0 [pid 7433] <... futex resumed>) = 0 [pid 7430] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7429] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7433] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7433] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7433] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[291]}, 88) = 291 [pid 7432] <... ioctl resumed>) = 0 [pid 5871] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7433] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7434 attached [pid 7433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7433] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7432] close(3 [pid 5871] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7432] <... close resumed>) = 0 [pid 7433] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7432] close(4 [pid 5871] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7432] <... close resumed>) = 0 [pid 7434] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7432] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5871] <... openat resumed>) = 4 [pid 7432] <... mkdir resumed>) = 0 [pid 5871] newfstatat(4, "", [pid 7434] <... rseq resumed>) = 0 [pid 7432] mount("/dev/loop2", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7427] <... futex resumed>) = ? [pid 5871] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7434] set_robust_list(0x7f701fd149a0, 24 [pid 5871] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5871] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5871] close(4) = 0 [pid 5871] rmdir("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5871] umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5871] newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7434] <... set_robust_list resumed>) = 0 [pid 7434] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] unlink("./140/binderfs" [pid 7434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... unlink resumed>) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5871] close(3) = 0 [pid 7428] +++ killed by SIGSEGV (core dumped) +++ [pid 7427] +++ killed by SIGSEGV (core dumped) +++ [pid 5871] rmdir("./140" [pid 7434] memfd_create("syzkaller", 0 [pid 5871] <... rmdir resumed>) = 0 [pid 5870] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=295, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 7434] <... memfd_create resumed>) = 3 [pid 5871] mkdir("./141", 0777 [pid 5870] restart_syscall(<... resuming interrupted clone ...> [pid 7434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7434] <... mmap resumed>) = 0x7f7017800000 [pid 5871] <... openat resumed>) = 3 [pid 5871] ioctl(3, LOOP_CLR_FD) = 0 [ 501.387909][ T7432] loop2: detected capacity change from 0 to 4096 [pid 5871] close(3 [pid 5870] <... restart_syscall resumed>) = 0 [pid 5870] umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5870] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5870] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... close resumed>) = 0 [pid 5871] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7435 attached [pid 7435] set_robust_list(0x55557616a6a0, 24 [pid 5871] <... clone resumed>, child_tidptr=0x55557616a690) = 293 [pid 5870] <... umount2 resumed>) = 0 [pid 7435] <... set_robust_list resumed>) = 0 [pid 7435] chdir("./141") = 0 [pid 7435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7435] setpgid(0, 0) = 0 [pid 7435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7435] write(3, "1000", 4) = 4 [pid 7435] close(3executing program ) = 0 [pid 7432] <... mount resumed>) = 0 [pid 7435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7435] write(1, "executing program\n", 18) = 18 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7435] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} => {parent_tid=[294]}, 88) = 294 [pid 7435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7436 attached [pid 7435] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7436] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 5870] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7436] <... rseq resumed>) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7436] set_robust_list(0x7f701fd149a0, 24 [pid 5870] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7436] <... set_robust_list resumed>) = 0 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7436] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7436] memfd_create("syzkaller", 0 [pid 5870] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7432] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5870] <... openat resumed>) = 4 [pid 5870] newfstatat(4, "", [pid 7436] <... memfd_create resumed>) = 3 [pid 5870] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 7432] <... openat resumed>) = 3 [pid 7436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5870] getdents64(4, [pid 7436] <... mmap resumed>) = 0x7f7017800000 [pid 7432] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 5870] <... getdents64 resumed>0x555576173890 /* 2 entries */, 32768) = 48 [pid 7434] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7432] <... chdir resumed>) = 0 [pid 7432] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5870] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5870] close(4) = 0 [pid 7432] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] rmdir("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 7432] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5870] newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5870] unlink("./140/binderfs") = 0 [pid 5870] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5870] close(3) = 0 [pid 5870] rmdir("./140") = 0 [pid 5870] mkdir("./141", 0777) = 0 [pid 7432] <... futex resumed>) = 1 [pid 7431] <... futex resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7432] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7431] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... openat resumed>) = 3 [pid 7431] <... futex resumed>) = 0 [pid 5870] ioctl(3, LOOP_CLR_FD [pid 7431] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... ioctl resumed>) = 0 [pid 5870] close(3 [pid 7432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7432] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5870] <... close resumed>) = 0 [pid 7434] <... write resumed>) = 2097152 [pid 7432] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7436] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7431] <... futex resumed>) = 0 [pid 5870] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7434] munmap(0x7f7017800000, 138412032 [pid 7432] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7431] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7431] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... clone resumed>, child_tidptr=0x55557616a690) = 297 [pid 7434] <... munmap resumed>) = 0 [pid 7432] <... openat resumed>) = 5 ./strace-static-x86_64: Process 7437 attached [pid 7432] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7429] <... futex resumed>) = ? [pid 7432] <... futex resumed>) = 1 [pid 7431] <... futex resumed>) = 0 [pid 7431] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7432] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7431] <... futex resumed>) = 0 [pid 7431] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7437] set_robust_list(0x55557616a6a0, 24 [pid 7434] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7432] <... write resumed>) = 1116 [pid 7437] <... set_robust_list resumed>) = 0 [pid 7437] chdir("./141" [pid 7432] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7437] <... chdir resumed>) = 0 [pid 7436] <... write resumed>) = 2097152 [pid 7434] <... openat resumed>) = 4 [pid 7432] <... futex resumed>) = 1 [pid 7431] <... futex resumed>) = 0 [pid 7430] +++ killed by SIGSEGV (core dumped) +++ [pid 7429] +++ killed by SIGSEGV (core dumped) +++ [pid 7437] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7436] munmap(0x7f7017800000, 138412032 [pid 7434] ioctl(4, LOOP_SET_FD, 3 [pid 7432] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7431] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=291, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- [pid 7437] <... prctl resumed>) = 0 [pid 7436] <... munmap resumed>) = 0 [pid 7431] <... futex resumed>) = 0 [pid 7437] setpgid(0, 0 [pid 7436] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7431] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7437] <... setpgid resumed>) = 0 [pid 7436] <... openat resumed>) = 4 [pid 7437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7437] write(3, "1000", 4) = 4 [pid 7436] ioctl(4, LOOP_SET_FD, 3 [pid 7437] close(3 [pid 7434] <... ioctl resumed>) = 0 [pid 7432] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7434] close(3 [pid 5872] umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7432] <... mmap resumed>) = 0x200000000000 [pid 5872] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7437] <... close resumed>) = 0 [pid 7434] <... close resumed>) = 0 [pid 7432] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7437] symlink("/dev/binderfs", "./binderfs" [pid 7434] close(4 [pid 7432] <... futex resumed>) = 1 [pid 7431] <... futex resumed>) = 0 [pid 5872] <... openat resumed>) = 3 [pid 7437] <... symlink resumed>) = 0 [pid 7434] <... close resumed>) = 0 [pid 7432] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7431] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 5872] newfstatat(3, "", [pid 7437] write(1, "executing program\n", 18 [pid 7434] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7432] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7431] <... futex resumed>) = 0 [pid 7437] <... write resumed>) = 18 [pid 7432] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7431] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 7437] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7434] <... mkdir resumed>) = 0 [pid 7432] <... futex resumed>) = 0 [pid 7431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7437] <... futex resumed>) = 0 [pid 7434] mount("/dev/loop0", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7432] futex(0x7f702060d6e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7431] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] getdents64(3, [pid 7437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7431] <... futex resumed>) = 0 [pid 5872] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 [pid 7437] <... mmap resumed>) = 0x7f701fcf4000 [pid 7432] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7431] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7437] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 5872] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7437] <... mprotect resumed>) = 0 [pid 7437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7438 attached => {parent_tid=[298]}, 88) = 298 [pid 7437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7438] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7437] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7438] <... rseq resumed>) = 0 [pid 7437] <... futex resumed>) = 0 [pid 7437] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7438] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7438] memfd_create("syzkaller", 0 [pid 7436] <... ioctl resumed>) = 0 [pid 7438] <... memfd_create resumed>) = 3 [pid 7436] close(3 [pid 7438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7436] <... close resumed>) = 0 [pid 7438] <... mmap resumed>) = 0x7f7017800000 [ 501.631427][ T7434] loop0: detected capacity change from 0 to 4096 [ 501.640182][ T7436] loop3: detected capacity change from 0 to 4096 [pid 7436] close(4) = 0 [pid 7436] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0 [pid 7436] mount("/dev/loop3", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7434] <... mount resumed>) = 0 [pid 7434] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY [pid 5872] <... umount2 resumed>) = 0 [pid 7438] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7434] <... openat resumed>) = 3 [pid 7434] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f") = 0 [pid 7434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5872] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7434] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7433] <... futex resumed>) = 0 [pid 7433] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5872] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5872] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5872] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 5872] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5872] close(4) = 0 [pid 5872] rmdir("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38") = 0 [pid 5872] umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] newfstatat(AT_FDCWD, "./140/binderfs", [pid 7433] <... futex resumed>) = 0 [pid 5872] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7433] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] unlink("./140/binderfs") = 0 [pid 5872] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5872] close(3 [pid 7434] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5872] <... close resumed>) = 0 [pid 5872] rmdir("./140") = 0 [pid 5872] mkdir("./141", 0777) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5872] ioctl(3, LOOP_CLR_FD) = 0 [pid 5872] close(3 [pid 7438] <... write resumed>) = 2097152 [pid 7434] <... openat resumed>) = 4 [pid 5872] <... close resumed>) = 0 [pid 7434] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7433] <... futex resumed>) = 0 [pid 7433] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7438] munmap(0x7f7017800000, 138412032 [pid 7433] <... futex resumed>) = 0 [pid 7434] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7433] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7439 attached [pid 7438] <... munmap resumed>) = 0 [pid 7434] <... openat resumed>) = 5 [pid 7434] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] set_robust_list(0x55557616a6a0, 24 [pid 7434] <... futex resumed>) = 1 [pid 7433] <... futex resumed>) = 0 [pid 7433] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7438] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7434] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7433] <... futex resumed>) = 0 [pid 7439] <... set_robust_list resumed>) = 0 [pid 7433] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7439] chdir("./141" [pid 7438] <... openat resumed>) = 4 [pid 7434] <... write resumed>) = 1116 [pid 7439] <... chdir resumed>) = 0 [pid 7434] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7434] <... futex resumed>) = 1 [pid 7433] <... futex resumed>) = 0 [pid 7439] <... prctl resumed>) = 0 [pid 7433] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] setpgid(0, 0 [pid 7438] ioctl(4, LOOP_SET_FD, 3 [pid 7433] <... futex resumed>) = 0 [pid 5872] <... clone resumed>, child_tidptr=0x55557616a690) = 293 [pid 7439] <... setpgid resumed>) = 0 [pid 7434] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7433] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7436] <... mount resumed>) = 0 [pid 7434] <... mmap resumed>) = 0x200000000000 [pid 7436] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7436] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7439] <... openat resumed>) = 3 [pid 7436] <... chdir resumed>) = 0 [pid 7434] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] write(3, "1000", 4 [pid 7436] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7434] <... futex resumed>) = 1 [pid 7433] <... futex resumed>) = 0 [pid 7433] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] <... write resumed>) = 4 [pid 7433] <... futex resumed>) = 0 [pid 7434] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7433] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7439] close(3) = 0 [pid 7436] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7434] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7436] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7434] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] symlink("/dev/binderfs", "./binderfs" [pid 7436] <... futex resumed>) = 1 [pid 7435] <... futex resumed>) = 0 [pid 7436] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7439] <... symlink resumed>) = 0 [pid 7435] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] write(1, "executing program\n", 18 [pid 7434] <... futex resumed>) = 1 [pid 7433] <... futex resumed>) = 0 executing program [pid 7439] <... write resumed>) = 18 [pid 7436] <... openat resumed>) = 4 [pid 7435] <... futex resumed>) = 0 [pid 7434] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7433] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7436] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7436] <... futex resumed>) = 0 [pid 7435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7436] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7435] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7436] <... openat resumed>) = 5 [pid 7435] <... futex resumed>) = 0 [pid 7439] <... futex resumed>) = 0 [pid 7436] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 7435] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7436] <... futex resumed>) = 1 [pid 7435] <... futex resumed>) = 0 [pid 7439] <... mmap resumed>) = 0x7f701fcf4000 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=45000000} [pid 7439] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE [pid 7436] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7436] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7435] <... futex resumed>) = 0 [pid 7435] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7436] <... futex resumed>) = 1 [pid 7436] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7438] <... ioctl resumed>) = 0 [pid 7439] <... mprotect resumed>) = 0 [pid 7436] <... mmap resumed>) = 0x200000000000 [pid 7438] close(3) = 0 [pid 7438] close(4 [pid 7436] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7435] <... futex resumed>) = 0 [pid 7435] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7435] <... futex resumed>) = 0 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7439] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7438] <... close resumed>) = 0 [pid 7436] <... futex resumed>) = 1 [pid 7438] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7436] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7438] <... mkdir resumed>) = 0 [pid 7436] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7436] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7435] <... futex resumed>) = 0 [pid 7435] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7435] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7436] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7438] mount("/dev/loop1", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0}./strace-static-x86_64: Process 7440 attached [pid 7440] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053) = 0 [pid 7439] <... clone3 resumed> => {parent_tid=[294]}, 88) = 294 [pid 7440] set_robust_list(0x7f701fd149a0, 24 [pid 7439] rt_sigprocmask(SIG_SETMASK, [], [pid 7440] <... set_robust_list resumed>) = 0 [pid 7439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7440] rt_sigprocmask(SIG_SETMASK, [], [pid 7439] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7439] <... futex resumed>) = 0 [ 501.804855][ T7438] loop1: detected capacity change from 0 to 4096 [pid 7439] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7440] memfd_create("syzkaller", 0) = 3 [pid 7440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7440] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152 [pid 7431] <... futex resumed>) = ? [pid 7432] +++ killed by SIGSEGV (core dumped) +++ [pid 7431] +++ killed by SIGSEGV (core dumped) +++ [pid 5869] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=290, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 7440] <... write resumed>) = 2097152 [pid 7440] munmap(0x7f7017800000, 138412032) = 0 [pid 7440] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7438] <... mount resumed>) = 0 [pid 7438] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 7438] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7440] <... openat resumed>) = 4 [pid 7440] ioctl(4, LOOP_SET_FD, 3 [pid 5869] umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7438] <... chdir resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5869] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5869] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7438] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7438] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7437] <... futex resumed>) = 0 [pid 7437] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7437] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7438] <... futex resumed>) = 1 [pid 7438] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 7440] <... ioctl resumed>) = 0 [pid 7438] <... openat resumed>) = 4 [pid 7440] close(3) = 0 [pid 7440] close(4) = 0 [pid 7438] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7437] <... futex resumed>) = 0 [pid 7437] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7437] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7440] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 7438] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7440] <... mkdir resumed>) = 0 [pid 7440] mount("/dev/loop4", "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", "ntfs3", MS_POSIXACL, "\x73\x70\x61\x72\x73\x65\x2c\x61\x63\x6c\x2c\x6e\x6f\x68\x69\x64\x64\x65\x6e\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x37\x4e\x99\x2c\x73\x70\x61\x72\x73\x65\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x77\x69\x6e\x64\x6f\x77\x73\x5f\x6e\x61\x6d\x65\x73\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x63\x70\x34\x33\x37\x2c\x64\x69\x73\x63\x61\x72\x64\x2c\x69\x6f\x63\x68\x61\x72\x73\x65\x74\x3d\x6d"... [pid 7438] <... openat resumed>) = 5 [pid 7438] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7437] <... futex resumed>) = 0 [pid 7437] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7437] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7438] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116) = 1116 [pid 7438] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7437] <... futex resumed>) = 0 [pid 7437] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7437] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7438] <... futex resumed>) = 1 [pid 7438] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0) = 0x200000000000 [ 501.933242][ T7440] loop4: detected capacity change from 0 to 4096 [pid 7438] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7437] <... futex resumed>) = 0 [pid 7437] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7438] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7437] <... futex resumed>) = 0 [pid 7438] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7437] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7438] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7437] <... futex resumed>) = 0 [pid 7437] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7437] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7438] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7440] <... mount resumed>) = 0 [pid 7433] <... futex resumed>) = ? [pid 7440] openat(AT_FDCWD, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] <... umount2 resumed>) = 0 [pid 7440] chdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f" [pid 7434] +++ killed by SIGSEGV (core dumped) +++ [pid 7433] +++ killed by SIGSEGV (core dumped) +++ [pid 5868] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=290, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- [pid 7440] <... chdir resumed>) = 0 [pid 7440] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5869] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5869] getdents64(4, 0x555576173890 /* 2 entries */, 32768) = 48 [pid 7440] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] getdents64(4, 0x555576173890 /* 0 entries */, 32768) = 0 [pid 5869] close(4) = 0 [pid 7440] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] <... futex resumed>) = 0 [pid 7440] <... futex resumed>) = 1 [pid 5869] rmdir("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38" [pid 7439] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] <... rmdir resumed>) = 0 [pid 7439] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7440] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5869] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] unlink("./140/binderfs") = 0 [pid 5869] getdents64(3, 0x55557616b850 /* 0 entries */, 32768) = 0 [pid 5869] close(3) = 0 [pid 5869] rmdir("./140") = 0 [pid 5869] mkdir("./141", 0777) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5869] ioctl(3, LOOP_CLR_FD) = 0 [pid 5869] close(3 [pid 5868] umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7440] <... openat resumed>) = 4 [pid 5869] <... close resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7440] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... openat resumed>) = 3 [pid 7440] <... futex resumed>) = 1 [pid 7439] <... futex resumed>) = 0 [pid 5868] newfstatat(3, "", [pid 7440] openat(AT_FDCWD, "cpu.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 7439] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5869] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5868] getdents64(3, [pid 7439] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7440] <... openat resumed>) = 5 [pid 5868] <... getdents64 resumed>0x55557616b850 /* 4 entries */, 32768) = 176 ./strace-static-x86_64: Process 7441 attached [pid 7440] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 7441] set_robust_list(0x55557616a6a0, 24 [pid 7440] <... futex resumed>) = 1 [pid 7439] <... futex resumed>) = 0 [pid 7435] <... futex resumed>) = ? [pid 5869] <... clone resumed>, child_tidptr=0x55557616a690) = 292 [pid 7441] <... set_robust_list resumed>) = 0 [pid 7441] chdir("./141") = 0 [pid 7441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7441] setpgid(0, 0) = 0 [pid 7436] +++ killed by SIGSEGV (core dumped) +++ [pid 7435] +++ killed by SIGSEGV (core dumped) +++ [pid 7441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=293, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 7441] write(3, "1000", 4 [pid 5871] restart_syscall(<... resuming interrupted clone ...> [pid 7441] <... write resumed>) = 4 [pid 7441] close(3) = 0 [pid 7441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7441] write(1, "executing program\n", 18) = 18 [pid 7441] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f701fcf4000 [pid 7441] mprotect(0x7f701fcf5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f701fd14990, parent_tid=0x7f701fd14990, exit_signal=0, stack=0x7f701fcf4000, stack_size=0x20300, tls=0x7f701fd146c0} [pid 7440] write(5, "\x73\x79\x7a\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x09\x00\x44\x04\x29\x05\x25\x00\x00\x00\xf5\x00\x00\x00\x08\x00\x00\x00"..., 1116 [pid 7439] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... restart_syscall resumed>) = 0 [pid 7441] <... clone3 resumed> => {parent_tid=[293]}, 88) = 293 [pid 7439] <... futex resumed>) = 0 [pid 7441] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7440] <... write resumed>) = 1116 [pid 7439] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7441] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7441] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 3 ./strace-static-x86_64: Process 7442 attached [pid 7441] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5871] getdents64(3, 0x55557616b850 /* 4 entries */, 32768) = 176 [pid 5871] umount2("\x2e\x2f\x31\x34\x31\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7442] rseq(0x7f701fd14fe0, 0x20, 0, 0x53053053 [pid 7440] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7442] <... rseq resumed>) = 0 [pid 7442] set_robust_list(0x7f701fd149a0, 24) = 0 [pid 7442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7442] memfd_create("syzkaller", 0 [pid 7440] <... futex resumed>) = 1 [pid 7439] <... futex resumed>) = 0 [pid 7442] <... memfd_create resumed>) = 3 [pid 7439] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7440] mmap(0x200000000000, 12288, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 5, 0 [pid 7442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7017800000 [pid 7440] <... mmap resumed>) = 0x200000000000 [pid 7439] <... futex resumed>) = 0 [pid 5868] <... umount2 resumed>) = 0 [pid 7440] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7440] <... futex resumed>) = 0 [pid 7439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7440] ioctl(4, FS_IOC_FIEMAP, {fm_start=4, fm_length=30064771081, fm_flags=FIEMAP_FLAG_SYNC, fm_extent_count=56} [pid 7439] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7440] <... ioctl resumed>) = -1 EFAULT (Bad address) [pid 7439] <... futex resumed>) = 0 [pid 7440] futex(0x7f702060d6ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 7439] futex(0x7f702060d6ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7440] <... futex resumed>) = 0 [pid 7439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] newfstatat(AT_FDCWD, "\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", [pid 7439] futex(0x7f702060d6e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7440] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000005c4} --- [pid 7439] <... futex resumed>) = 0 [pid 5868] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] umount2("\x2e\x2f\x31\x34\x30\x2f\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)