./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor830181473 <...> Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts. execve("./syz-executor830181473", ["./syz-executor830181473"], 0x7ffd4309f990 /* 10 vars */) = 0 brk(NULL) = 0x555556850000 brk(0x555556850d00) = 0x555556850d00 arch_prctl(ARCH_SET_FS, 0x555556850380) = 0 set_tid_address(0x555556850650) = 293 set_robust_list(0x555556850660, 24) = 0 rseq(0x555556850ca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor830181473", 4096) = 27 getrandom("\x89\x09\x59\xb9\x0c\xfd\x49\x85", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556850d00 brk(0x555556871d00) = 0x555556871d00 brk(0x555556872000) = 0x555556872000 mprotect(0x7f9d04eef000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.tVrn85", 0700) = 0 chmod("./syzkaller.tVrn85", 0777) = 0 chdir("./syzkaller.tVrn85") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 295 ./strace-static-x86_64: Process 295 attached [pid 295] set_robust_list(0x555556850660, 24) = 0 [pid 295] chdir("./0") = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3) = 0 [pid 295] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 295] write(1, "executing program\n", 18) = 18 [pid 295] memfd_create("syzkaller", 0) = 3 [pid 295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 295] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 295] close(3) = 0 [pid 295] close(4) = 0 [pid 295] mkdir("./file1", 0777) = 0 [ 20.558579][ T28] audit: type=1400 audit(1724315100.496:66): avc: denied { execmem } for pid=293 comm="syz-executor830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.561779][ T28] audit: type=1400 audit(1724315100.496:67): avc: denied { read write } for pid=293 comm="syz-executor830" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.565698][ T28] audit: type=1400 audit(1724315100.496:68): avc: denied { open } for pid=293 comm="syz-executor830" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.569514][ T28] audit: type=1400 audit(1724315100.496:69): avc: denied { ioctl } for pid=293 comm="syz-executor830" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.577923][ T295] loop0: detected capacity change from 0 to 1024 [ 20.583472][ T28] audit: type=1400 audit(1724315100.516:70): avc: denied { mounton } for pid=295 comm="syz-executor830" path="/root/syzkaller.tVrn85/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 295] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 295] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 295] chdir("./file1") = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 295] ioctl(4, LOOP_CLR_FD) = 0 [pid 295] close(4) = 0 [pid 295] chdir("./file0") = 0 [pid 295] creat("./bus", 000) = 4 [pid 295] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 295] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 295] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 295] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 295] exit_group(0) = ? [pid 295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/lost+found") = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file0") = 0 umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file1") = 0 [ 20.607850][ T295] EXT4-fs: Ignoring removed orlov option [ 20.613312][ T295] EXT4-fs: Ignoring removed nomblk_io_submit option [ 20.627940][ T295] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 20.636317][ T28] audit: type=1400 audit(1724315100.566:71): avc: denied { mount } for pid=295 comm="syz-executor830" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/file0") = 0 umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file1") = 0 umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file2") = 0 umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file3") = 0 umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = -1 EBUSY (Device or resource busy) [ 20.658186][ T28] audit: type=1400 audit(1724315100.576:72): avc: denied { write } for pid=295 comm="syz-executor830" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.680292][ T28] audit: type=1400 audit(1724315100.576:73): avc: denied { add_name } for pid=295 comm="syz-executor830" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 20.681225][ T293] EXT4-fs (loop0): unmounting filesystem. umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555556850660, 24) = 0 [pid 300] chdir("./1") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 300] write(1, "executing program\n", 18) = 18 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 300] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 20.700787][ T28] audit: type=1400 audit(1724315100.576:74): avc: denied { create } for pid=295 comm="syz-executor830" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 20.700811][ T28] audit: type=1400 audit(1724315100.576:75): avc: denied { write open } for pid=295 comm="syz-executor830" path="/root/syzkaller.tVrn85/0/file1/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./file1", 0777) = 0 [pid 300] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 300] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 300] chdir("./file1") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 300] chdir("./file0") = 0 [pid 300] creat("./bus", 000) = 4 [pid 300] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 300] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 300] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 300] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 300] exit_group(0) = ? [pid 300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file1/lost+found") = 0 umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/file0") = 0 umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/file1") = 0 umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file1/file0") = 0 umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file1") = 0 umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file2") = 0 umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file3") = 0 umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = -1 EBUSY (Device or resource busy) [ 20.766714][ T300] loop0: detected capacity change from 0 to 1024 [ 20.774765][ T300] EXT4-fs: Ignoring removed orlov option [ 20.780480][ T300] EXT4-fs: Ignoring removed nomblk_io_submit option [ 20.797690][ T300] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 303 ./strace-static-x86_64: Process 303 attached [pid 303] set_robust_list(0x555556850660, 24) = 0 [pid 303] chdir("./2") = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 303] setpgid(0, 0) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 303] write(3, "1000", 4) = 4 [pid 303] close(3) = 0 [pid 303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 303] write(1, "executing program\n", 18executing program ) = 18 [pid 303] memfd_create("syzkaller", 0) = 3 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 303] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 303] close(3) = 0 [pid 303] close(4) = 0 [pid 303] mkdir("./file1", 0777) = 0 [ 20.830813][ T293] EXT4-fs (loop0): unmounting filesystem. [ 20.851970][ T303] loop0: detected capacity change from 0 to 1024 [ 20.859233][ T303] EXT4-fs: Ignoring removed orlov option [ 20.864843][ T303] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 303] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 303] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 303] chdir("./file1") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 303] ioctl(4, LOOP_CLR_FD) = 0 [pid 303] close(4) = 0 [pid 303] chdir("./file0") = 0 [pid 303] creat("./bus", 000) = 4 [pid 303] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 303] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 303] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 303] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 303] exit_group(0) = ? [pid 303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/file1/lost+found") = 0 umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./2/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/file0") = 0 umount2("./2/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/file1") = 0 umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 [ 20.877448][ T303] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 20.902464][ T293] ================================================================== [ 20.910353][ T293] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 20.918162][ T293] Read of size 4 at addr ffff8881250d0000 by task syz-executor830/293 [ 20.926144][ T293] [ 20.928327][ T293] CPU: 1 PID: 293 Comm: syz-executor830 Not tainted 6.1.90-syzkaller-00025-gfaf32723dc54 #0 [ 20.938211][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 20.948112][ T293] Call Trace: [ 20.951228][ T293] [ 20.954007][ T293] dump_stack_lvl+0x151/0x1b7 [ 20.958523][ T293] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 20.963814][ T293] ? _printk+0xd1/0x111 [ 20.967807][ T293] ? __virt_addr_valid+0x242/0x2f0 [ 20.972754][ T293] print_report+0x158/0x4e0 [ 20.977094][ T293] ? __virt_addr_valid+0x242/0x2f0 [ 20.982041][ T293] ? kasan_addr_to_slab+0xd/0x80 [ 20.986814][ T293] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 20.992282][ T293] kasan_report+0x13c/0x170 [ 20.996625][ T293] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 21.002089][ T293] __asan_report_load4_noabort+0x14/0x20 [ 21.007559][ T293] ext4_xattr_delete_inode+0xcd0/0xce0 [ 21.012853][ T293] ? sb_end_intwrite+0x130/0x130 [ 21.017626][ T293] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 21.023527][ T293] ? __kasan_check_read+0x11/0x20 [ 21.028388][ T293] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 21.034115][ T293] ? ext4_evict_inode+0xbc2/0x1550 [ 21.039066][ T293] ext4_evict_inode+0xef9/0x1550 [ 21.043837][ T293] ? _raw_spin_unlock+0x4c/0x70 [ 21.048525][ T293] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 21.054252][ T293] ? _raw_spin_unlock+0x4c/0x70 [ 21.058939][ T293] ? inode_io_list_del+0x18b/0x1a0 [ 21.063886][ T293] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 21.069614][ T293] evict+0x2a3/0x630 [ 21.073346][ T293] iput+0x616/0x690 [ 21.076993][ T293] vfs_rmdir+0x3c2/0x500 [ 21.081070][ T293] do_rmdir+0x3ab/0x630 [ 21.085063][ T293] ? d_delete_notify+0x160/0x160 [ 21.089838][ T293] ? strncpy_from_user+0x169/0x2b0 [ 21.094786][ T293] ? getname_flags+0x1fd/0x520 [ 21.099386][ T293] __x64_sys_rmdir+0x49/0x50 [ 21.103811][ T293] x64_sys_call+0x274/0x9a0 [ 21.108153][ T293] do_syscall_64+0x3b/0xb0 [ 21.112401][ T293] ? clear_bhb_loop+0x55/0xb0 [ 21.116918][ T293] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 21.122653][ T293] RIP: 0033:0x7f9d04e7adc7 [ 21.126899][ T293] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 21.146341][ T293] RSP: 002b:00007fff4a9487a8 EFLAGS: 00000207 ORIG_RAX: 0000000000000054 [ 21.154585][ T293] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9d04e7adc7 [ 21.162397][ T293] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007fff4a949950 [ 21.170209][ T293] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000 [ 21.178020][ T293] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff4a949950 [ 21.185830][ T293] R13: 0000555556861740 R14: 431bde82d7b634db R15: 00007fff4a94bad0 [ 21.193645][ T293] [ 21.196507][ T293] [ 21.198675][ T293] The buggy address belongs to the physical page: [ 21.204935][ T293] page:ffffea0004943400 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1250d0 [ 21.214993][ T293] flags: 0x4000000000000000(zone=1) [ 21.220033][ T293] raw: 4000000000000000 ffffea0004943448 ffffea00048dde48 0000000000000000 [ 21.228451][ T293] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 21.236866][ T293] page dumped because: kasan: bad access detected [ 21.243123][ T293] page_owner tracks the page as freed [ 21.248322][ T293] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 233, tgid 233 (sshd), ts 14403302780, free_ts 14456547255 [ 21.266898][ T293] post_alloc_hook+0x213/0x220 [ 21.271495][ T293] prep_new_page+0x1b/0x110 [ 21.275833][ T293] get_page_from_freelist+0x27ea/0x2870 [ 21.281216][ T293] __alloc_pages+0x3a1/0x780 [ 21.285642][ T293] __folio_alloc+0x15/0x40 [ 21.289895][ T293] handle_mm_fault+0x1cf7/0x30e0 [ 21.294679][ T293] exc_page_fault+0x3b3/0x700 [ 21.299182][ T293] asm_exc_page_fault+0x27/0x30 [ 21.303878][ T293] page last free stack trace: [ 21.308384][ T293] free_unref_page_prepare+0x83d/0x850 [ 21.313680][ T293] free_unref_page_list+0xf1/0x7b0 [ 21.318627][ T293] release_pages+0xf7f/0xfe0 [ 21.323050][ T293] free_pages_and_swap_cache+0x8a/0xa0 [ 21.328344][ T293] tlb_finish_mmu+0x1e0/0x3f0 [ 21.332858][ T293] unmap_region+0x2c1/0x310 [ 21.337197][ T293] do_mas_align_munmap+0xd05/0x1400 [ 21.342232][ T293] do_mas_munmap+0x23e/0x2b0 [ 21.346659][ T293] __vm_munmap+0x263/0x3a0 [ 21.350911][ T293] __x64_sys_munmap+0x6b/0x80 [ 21.355423][ T293] x64_sys_call+0x75/0x9a0 [ 21.359677][ T293] do_syscall_64+0x3b/0xb0 [ 21.363931][ T293] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 21.369661][ T293] [ 21.371828][ T293] Memory state around the buggy address: [ 21.377299][ T293] ffff8881250cff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.385199][ T293] ffff8881250cff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 21.393097][ T293] >ffff8881250d0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.400994][ T293] ^ rmdir("./2/file1/file0") = 0 umount2("./2/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file1") = 0 umount2("./2/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file2") = 0 umount2("./2/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file3") = 0 umount2("./2/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = -1 EBUSY (Device or resource busy) umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555556850660, 24) = 0 [pid 306] chdir("./3") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18executing program ) = 18 [pid 306] memfd_create("syzkaller", 0) = 3 [pid 306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 306] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 21.404899][ T293] ffff8881250d0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.412798][ T293] ffff8881250d0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 21.420694][ T293] ================================================================== [ 21.428706][ T293] Disabling lock debugging due to kernel taint [ 21.437951][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 306] close(3) = 0 [pid 306] close(4) = 0 [pid 306] mkdir("./file1", 0777) = 0 [pid 306] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 306] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 306] chdir("./file1") = 0 [pid 306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 306] ioctl(4, LOOP_CLR_FD) = 0 [pid 306] close(4) = 0 [pid 306] chdir("./file0") = 0 [pid 306] creat("./bus", 000) = 4 [pid 306] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 306] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 306] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 306] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 306] exit_group(0) = ? [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/file1/lost+found") = 0 umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./3/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/file0") = 0 umount2("./3/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/file1") = 0 umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/file1/file0") = 0 umount2("./3/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file1") = 0 umount2("./3/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file2") = 0 umount2("./3/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file3") = 0 umount2("./3/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = -1 EBUSY (Device or resource busy) [ 21.455669][ T306] loop0: detected capacity change from 0 to 1024 [ 21.462779][ T306] EXT4-fs: Ignoring removed orlov option [ 21.468385][ T306] EXT4-fs: Ignoring removed nomblk_io_submit option [ 21.478180][ T306] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x555556850660, 24) = 0 [pid 309] chdir("./4") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] memfd_create("syzkaller", 0) = 3 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 309] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 309] close(3) = 0 [pid 309] close(4) = 0 [pid 309] mkdir("./file1", 0777) = 0 [ 21.513425][ T293] EXT4-fs (loop0): unmounting filesystem. [ 21.532820][ T309] loop0: detected capacity change from 0 to 1024 [ 21.540146][ T309] EXT4-fs: Ignoring removed orlov option [ 21.545630][ T309] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 309] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 309] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 309] chdir("./file1") = 0 [pid 309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 309] ioctl(4, LOOP_CLR_FD) = 0 [pid 309] close(4) = 0 [pid 309] chdir("./file0") = 0 [pid 309] creat("./bus", 000) = 4 [pid 309] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 309] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 309] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 309] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 309] exit_group(0) = ? [pid 309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/file1/lost+found") = 0 umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./4/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/file0") = 0 umount2("./4/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/file1") = 0 umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/file1/file0") = 0 umount2("./4/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file1") = 0 umount2("./4/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file2") = 0 umount2("./4/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file3") = 0 umount2("./4/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = -1 EBUSY (Device or resource busy) [ 21.557756][ T309] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 312 ./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x555556850660, 24) = 0 [pid 312] chdir("./5") = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 312] write(1, "executing program\n", 18executing program ) = 18 [pid 312] memfd_create("syzkaller", 0) = 3 [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 312] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 312] close(3) = 0 [pid 312] close(4) = 0 [pid 312] mkdir("./file1", 0777) = 0 [pid 312] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 312] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 312] chdir("./file1") = 0 [pid 312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_CLR_FD) = 0 [pid 312] close(4) = 0 [pid 312] chdir("./file0") = 0 [pid 312] creat("./bus", 000) = 4 [pid 312] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 312] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 312] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 312] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 312] exit_group(0) = ? [pid 312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/file1/lost+found") = 0 umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./5/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/file0") = 0 umount2("./5/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/file1") = 0 umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/file1/file0") = 0 umount2("./5/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file1") = 0 umount2("./5/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file2") = 0 umount2("./5/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file3") = 0 umount2("./5/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = -1 EBUSY (Device or resource busy) [ 21.587190][ T293] EXT4-fs (loop0): unmounting filesystem. [ 21.602652][ T312] loop0: detected capacity change from 0 to 1024 [ 21.610333][ T312] EXT4-fs: Ignoring removed orlov option [ 21.615818][ T312] EXT4-fs: Ignoring removed nomblk_io_submit option [ 21.628349][ T312] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 316 ./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x555556850660, 24) = 0 [pid 316] chdir("./6") = 0 [pid 316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 316] setpgid(0, 0) = 0 [pid 316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 316] write(3, "1000", 4) = 4 [pid 316] close(3) = 0 [pid 316] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 316] write(1, "executing program\n", 18) = 18 [pid 316] memfd_create("syzkaller", 0) = 3 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 316] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 316] close(3) = 0 [pid 316] close(4) = 0 [pid 316] mkdir("./file1", 0777) = 0 [pid 316] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [ 21.655039][ T293] EXT4-fs (loop0): unmounting filesystem. [ 21.671709][ T316] loop0: detected capacity change from 0 to 1024 [ 21.679883][ T316] EXT4-fs: Ignoring removed orlov option [ 21.685417][ T316] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 316] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 316] chdir("./file1") = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 316] ioctl(4, LOOP_CLR_FD) = 0 [pid 316] close(4) = 0 [pid 316] chdir("./file0") = 0 [pid 316] creat("./bus", 000) = 4 [pid 316] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 316] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 316] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 316] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 316] exit_group(0) = ? [pid 316] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=316, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/file1/lost+found") = 0 umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./6/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/file0") = 0 umount2("./6/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/file1") = 0 umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/file1/file0") = 0 umount2("./6/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file1") = 0 umount2("./6/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file2") = 0 umount2("./6/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file3") = 0 umount2("./6/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = -1 EBUSY (Device or resource busy) [ 21.697683][ T316] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555556850660, 24) = 0 [pid 319] chdir("./7") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] memfd_create("syzkaller", 0) = 3 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 319] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 319] close(3) = 0 [pid 319] close(4) = 0 [pid 319] mkdir("./file1", 0777) = 0 [ 21.730336][ T293] EXT4-fs (loop0): unmounting filesystem. [ 21.749701][ T319] loop0: detected capacity change from 0 to 1024 [ 21.757119][ T319] EXT4-fs: Ignoring removed orlov option [ 21.762751][ T319] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 319] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 319] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 319] chdir("./file1") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 319] ioctl(4, LOOP_CLR_FD) = 0 [pid 319] close(4) = 0 [pid 319] chdir("./file0") = 0 [pid 319] creat("./bus", 000) = 4 [pid 319] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 319] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 319] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 319] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 319] exit_group(0) = ? [pid 319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/file1/lost+found") = 0 umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./7/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/file0") = 0 umount2("./7/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/file1") = 0 umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/file1/file0") = 0 umount2("./7/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file1") = 0 umount2("./7/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file2") = 0 umount2("./7/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file3") = 0 umount2("./7/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = -1 EBUSY (Device or resource busy) umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 322 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x555556850660, 24) = 0 [pid 322] chdir("./8") = 0 [pid 322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 322] setpgid(0, 0) = 0 [pid 322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 322] write(3, "1000", 4) = 4 [pid 322] close(3) = 0 [pid 322] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 322] write(1, "executing program\n", 18) = 18 [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 322] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 21.777709][ T319] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 21.811891][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 322] close(3) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("./file1", 0777) = 0 [pid 322] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 322] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 322] chdir("./file1") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_CLR_FD) = 0 [pid 322] close(4) = 0 [pid 322] chdir("./file0") = 0 [pid 322] creat("./bus", 000) = 4 [pid 322] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 322] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 322] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 322] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 322] exit_group(0) = ? [pid 322] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=322, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/file1/lost+found") = 0 umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./8/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/file0") = 0 umount2("./8/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/file1") = 0 umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/file1/file0") = 0 umount2("./8/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file1") = 0 umount2("./8/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file2") = 0 umount2("./8/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file3") = 0 umount2("./8/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = -1 EBUSY (Device or resource busy) [ 21.831521][ T322] loop0: detected capacity change from 0 to 1024 [ 21.838688][ T322] EXT4-fs: Ignoring removed orlov option [ 21.844172][ T322] EXT4-fs: Ignoring removed nomblk_io_submit option [ 21.857575][ T322] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 325 ./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x555556850660, 24) = 0 [pid 325] chdir("./9") = 0 [pid 325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 325] setpgid(0, 0) = 0 [pid 325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 325] write(3, "1000", 4) = 4 [pid 325] close(3) = 0 [pid 325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 325] write(1, "executing program\n", 18) = 18 [pid 325] memfd_create("syzkaller", 0) = 3 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 325] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 325] close(3) = 0 [pid 325] close(4) = 0 [pid 325] mkdir("./file1", 0777) = 0 [ 21.891368][ T293] EXT4-fs (loop0): unmounting filesystem. [ 21.911890][ T325] loop0: detected capacity change from 0 to 1024 [ 21.919330][ T325] EXT4-fs: Ignoring removed orlov option [ 21.924926][ T325] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 325] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 325] chdir("./file1") = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 325] ioctl(4, LOOP_CLR_FD) = 0 [pid 325] close(4) = 0 [pid 325] chdir("./file0") = 0 [pid 325] creat("./bus", 000) = 4 [pid 325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 325] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 325] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 325] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 325] exit_group(0) = ? [pid 325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=325, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/file1/lost+found") = 0 umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./9/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/file0") = 0 umount2("./9/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/file1") = 0 umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/file1/file0") = 0 umount2("./9/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file1") = 0 umount2("./9/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file2") = 0 umount2("./9/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file3") = 0 umount2("./9/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = -1 EBUSY (Device or resource busy) [ 21.937621][ T325] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 328 ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x555556850660, 24) = 0 [pid 328] chdir("./10") = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 328] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 328] write(1, "executing program\n", 18) = 18 [pid 328] memfd_create("syzkaller", 0) = 3 [pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 328] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 328] close(3) = 0 [pid 328] close(4) = 0 [pid 328] mkdir("./file1", 0777) = 0 [pid 328] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 328] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 328] chdir("./file1") = 0 [ 21.975791][ T293] EXT4-fs (loop0): unmounting filesystem. [ 21.994798][ T328] loop0: detected capacity change from 0 to 1024 [ 22.001975][ T328] EXT4-fs: Ignoring removed orlov option [ 22.007681][ T328] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_CLR_FD) = 0 [pid 328] close(4) = 0 [pid 328] chdir("./file0") = 0 [pid 328] creat("./bus", 000) = 4 [pid 328] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 328] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 328] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 328] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 328] exit_group(0) = ? [pid 328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/file1/lost+found") = 0 umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./10/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/file0") = 0 umount2("./10/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/file1") = 0 umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/file1/file0") = 0 umount2("./10/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file1") = 0 umount2("./10/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file2") = 0 umount2("./10/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file3") = 0 umount2("./10/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = -1 EBUSY (Device or resource busy) [ 22.017970][ T328] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 331 ./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x555556850660, 24) = 0 [pid 331] chdir("./11") = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 331] setpgid(0, 0) = 0 [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 331] write(1, "executing program\n", 18executing program ) = 18 [pid 331] memfd_create("syzkaller", 0) = 3 [pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 331] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 331] close(3) = 0 [pid 331] close(4) = 0 [pid 331] mkdir("./file1", 0777) = 0 [ 22.052190][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.074187][ T331] loop0: detected capacity change from 0 to 1024 [ 22.081300][ T331] EXT4-fs: Ignoring removed orlov option [ 22.087097][ T331] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 331] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 331] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 331] chdir("./file1") = 0 [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 331] ioctl(4, LOOP_CLR_FD) = 0 [pid 331] close(4) = 0 [pid 331] chdir("./file0") = 0 [pid 331] creat("./bus", 000) = 4 [pid 331] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 331] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 331] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 331] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 331] exit_group(0) = ? [pid 331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=331, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/file1/lost+found") = 0 umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./11/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/file0") = 0 umount2("./11/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/file1") = 0 umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/file1/file0") = 0 umount2("./11/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file1") = 0 umount2("./11/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file2") = 0 umount2("./11/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file3") = 0 umount2("./11/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = -1 EBUSY (Device or resource busy) [ 22.097763][ T331] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 334 ./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x555556850660, 24) = 0 [pid 334] chdir("./12") = 0 [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 334] setpgid(0, 0) = 0 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 334] write(3, "1000", 4) = 4 [pid 334] close(3) = 0 [pid 334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 334] write(1, "executing program\n", 18) = 18 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 334] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [pid 334] close(4) = 0 [pid 334] mkdir("./file1", 0777) = 0 [pid 334] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 334] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 334] chdir("./file1") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_CLR_FD) = 0 [pid 334] close(4) = 0 [pid 334] chdir("./file0") = 0 [pid 334] creat("./bus", 000) = 4 [pid 334] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 334] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 334] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 334] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 334] exit_group(0) = ? [pid 334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/file1/lost+found") = 0 umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./12/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/file0") = 0 umount2("./12/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/file1") = 0 umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/file1/file0") = 0 umount2("./12/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file1") = 0 umount2("./12/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file2") = 0 umount2("./12/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file3") = 0 umount2("./12/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = -1 EBUSY (Device or resource busy) [ 22.127280][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.144305][ T334] loop0: detected capacity change from 0 to 1024 [ 22.151423][ T334] EXT4-fs: Ignoring removed orlov option [ 22.157312][ T334] EXT4-fs: Ignoring removed nomblk_io_submit option [ 22.167808][ T334] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 337 ./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x555556850660, 24) = 0 [pid 337] chdir("./13") = 0 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 337] setpgid(0, 0) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 337] write(1, "executing program\n", 18) = 18 [pid 337] memfd_create("syzkaller", 0) = 3 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 337] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 337] close(3) = 0 [pid 337] close(4) = 0 [pid 337] mkdir("./file1", 0777) = 0 [ 22.203080][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.220087][ T337] loop0: detected capacity change from 0 to 1024 [ 22.228123][ T337] EXT4-fs: Ignoring removed orlov option [ 22.233636][ T337] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 337] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 337] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 337] chdir("./file1") = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 337] ioctl(4, LOOP_CLR_FD) = 0 [pid 337] close(4) = 0 [pid 337] chdir("./file0") = 0 [pid 337] creat("./bus", 000) = 4 [pid 337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 337] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 337] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 337] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 337] exit_group(0) = ? [pid 337] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/file1/lost+found") = 0 umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./13/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/file0") = 0 umount2("./13/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/file1") = 0 umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/file1/file0") = 0 umount2("./13/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file1") = 0 umount2("./13/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file2") = 0 umount2("./13/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file3") = 0 umount2("./13/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = -1 EBUSY (Device or resource busy) [ 22.247713][ T337] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x555556850660, 24) = 0 [pid 340] chdir("./14") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 executing program [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 340] write(1, "executing program\n", 18) = 18 [pid 340] memfd_create("syzkaller", 0) = 3 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 340] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 340] close(3) = 0 [pid 340] close(4) = 0 [pid 340] mkdir("./file1", 0777) = 0 [pid 340] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 340] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 340] chdir("./file1") = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 340] ioctl(4, LOOP_CLR_FD) = 0 [pid 340] close(4) = 0 [pid 340] chdir("./file0") = 0 [pid 340] creat("./bus", 000) = 4 [pid 340] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 340] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 340] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 340] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 340] exit_group(0) = ? [pid 340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/file1/lost+found") = 0 umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./14/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/file0") = 0 umount2("./14/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/file1") = 0 umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/file1/file0") = 0 umount2("./14/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file1") = 0 umount2("./14/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file2") = 0 umount2("./14/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file3") = 0 umount2("./14/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = -1 EBUSY (Device or resource busy) [ 22.277405][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.293543][ T340] loop0: detected capacity change from 0 to 1024 [ 22.301439][ T340] EXT4-fs: Ignoring removed orlov option [ 22.307149][ T340] EXT4-fs: Ignoring removed nomblk_io_submit option [ 22.317896][ T340] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 343 ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x555556850660, 24) = 0 [pid 343] chdir("./15") = 0 [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 343] write(1, "executing program\n", 18) = 18 [pid 343] memfd_create("syzkaller", 0) = 3 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 343] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 343] close(3) = 0 [pid 343] close(4) = 0 [pid 343] mkdir("./file1", 0777) = 0 [ 22.352306][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.373243][ T343] loop0: detected capacity change from 0 to 1024 [ 22.381360][ T343] EXT4-fs: Ignoring removed orlov option [ 22.387213][ T343] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 343] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 343] chdir("./file1") = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_CLR_FD) = 0 [pid 343] close(4) = 0 [pid 343] chdir("./file0") = 0 [pid 343] creat("./bus", 000) = 4 [pid 343] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 343] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 343] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 343] exit_group(0) = ? [pid 343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=343, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/file1/lost+found") = 0 umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./15/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/file0") = 0 umount2("./15/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/file1") = 0 umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/file1/file0") = 0 umount2("./15/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file1") = 0 umount2("./15/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file2") = 0 umount2("./15/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file3") = 0 umount2("./15/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = -1 EBUSY (Device or resource busy) umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 346 ./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x555556850660, 24) = 0 [pid 346] chdir("./16") = 0 [pid 346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 346] setpgid(0, 0) = 0 [pid 346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 346] write(3, "1000", 4) = 4 [pid 346] close(3) = 0 [pid 346] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 346] write(1, "executing program\n", 18) = 18 [pid 346] memfd_create("syzkaller", 0) = 3 [pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 346] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 22.397588][ T343] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.414150][ T343] syz-executor830 (343) used greatest stack depth: 22088 bytes left [ 22.431394][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 346] close(3) = 0 [pid 346] close(4) = 0 [pid 346] mkdir("./file1", 0777) = 0 [pid 346] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 346] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 346] chdir("./file1") = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 346] ioctl(4, LOOP_CLR_FD) = 0 [pid 346] close(4) = 0 [pid 346] chdir("./file0") = 0 [pid 346] creat("./bus", 000) = 4 [pid 346] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 346] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 346] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 346] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 346] exit_group(0) = ? [pid 346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=346, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/file1/lost+found") = 0 umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./16/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/file0") = 0 umount2("./16/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/file1") = 0 umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/file1/file0") = 0 umount2("./16/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file1") = 0 umount2("./16/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file2") = 0 umount2("./16/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file3") = 0 umount2("./16/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = -1 EBUSY (Device or resource busy) [ 22.448119][ T346] loop0: detected capacity change from 0 to 1024 [ 22.455194][ T346] EXT4-fs: Ignoring removed orlov option [ 22.460779][ T346] EXT4-fs: Ignoring removed nomblk_io_submit option [ 22.477398][ T346] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x555556850660, 24) = 0 [pid 349] chdir("./17") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18) = 18 [pid 349] memfd_create("syzkaller", 0) = 3 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 349] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 349] close(3) = 0 [pid 349] close(4) = 0 [pid 349] mkdir("./file1", 0777) = 0 [ 22.511937][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.530862][ T349] loop0: detected capacity change from 0 to 1024 [ 22.538859][ T349] EXT4-fs: Ignoring removed orlov option [ 22.544368][ T349] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 349] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 349] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 349] chdir("./file1") = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_CLR_FD) = 0 [pid 349] close(4) = 0 [pid 349] chdir("./file0") = 0 [pid 349] creat("./bus", 000) = 4 [pid 349] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 349] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 349] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 349] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 349] exit_group(0) = ? [pid 349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/file1/lost+found") = 0 umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./17/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/file0") = 0 umount2("./17/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/file1") = 0 umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/file1/file0") = 0 umount2("./17/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file1") = 0 umount2("./17/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file2") = 0 umount2("./17/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file3") = 0 umount2("./17/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = -1 EBUSY (Device or resource busy) [ 22.557907][ T349] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 352 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555556850660, 24) = 0 [pid 352] chdir("./18") = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 352] write(1, "executing program\n", 18) = 18 [pid 352] memfd_create("syzkaller", 0) = 3 [pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 352] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 352] close(3) = 0 [pid 352] close(4) = 0 [pid 352] mkdir("./file1", 0777) = 0 [ 22.587894][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.609900][ T352] loop0: detected capacity change from 0 to 1024 [ 22.617594][ T352] EXT4-fs: Ignoring removed orlov option [ 22.623353][ T352] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 352] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 352] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 352] chdir("./file1") = 0 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 352] ioctl(4, LOOP_CLR_FD) = 0 [pid 352] close(4) = 0 [pid 352] chdir("./file0") = 0 [pid 352] creat("./bus", 000) = 4 [pid 352] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 352] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 352] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 352] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 352] exit_group(0) = ? [pid 352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/file1/lost+found") = 0 umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./18/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/file0") = 0 umount2("./18/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/file1") = 0 umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/file1/file0") = 0 umount2("./18/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file1") = 0 umount2("./18/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file2") = 0 umount2("./18/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file3") = 0 umount2("./18/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = -1 EBUSY (Device or resource busy) umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x555556850660, 24) = 0 [pid 357] chdir("./19") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] write(1, "executing program\n", 18) = 18 [pid 357] memfd_create("syzkaller", 0) = 3 [pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 357] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 22.637790][ T352] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.668292][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 357] close(3) = 0 [pid 357] close(4) = 0 [pid 357] mkdir("./file1", 0777) = 0 [pid 357] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 357] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 357] chdir("./file1") = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 357] ioctl(4, LOOP_CLR_FD) = 0 [pid 357] close(4) = 0 [pid 357] chdir("./file0") = 0 [pid 357] creat("./bus", 000) = 4 [pid 357] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 357] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 357] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 357] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 357] exit_group(0) = ? [pid 357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/file1/lost+found") = 0 umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./19/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/file0") = 0 umount2("./19/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/file1") = 0 umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/file1/file0") = 0 umount2("./19/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file1") = 0 umount2("./19/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file2") = 0 umount2("./19/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file3") = 0 umount2("./19/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = -1 EBUSY (Device or resource busy) [ 22.687710][ T357] loop0: detected capacity change from 0 to 1024 [ 22.694964][ T357] EXT4-fs: Ignoring removed orlov option [ 22.700756][ T357] EXT4-fs: Ignoring removed nomblk_io_submit option [ 22.717900][ T357] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 360 ./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x555556850660, 24) = 0 [pid 360] chdir("./20") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 360] write(1, "executing program\n", 18) = 18 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 360] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 360] close(3) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("./file1", 0777) = 0 [ 22.751360][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.771147][ T360] loop0: detected capacity change from 0 to 1024 [ 22.779000][ T360] EXT4-fs: Ignoring removed orlov option [ 22.784495][ T360] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 360] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 360] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("./file1") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] chdir("./file0") = 0 [pid 360] creat("./bus", 000) = 4 [pid 360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 360] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 360] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 360] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 360] exit_group(0) = ? [pid 360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/file1/lost+found") = 0 umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./20/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/file0") = 0 umount2("./20/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/file1") = 0 umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/file1/file0") = 0 umount2("./20/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file1") = 0 umount2("./20/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file2") = 0 umount2("./20/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file3") = 0 umount2("./20/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = -1 EBUSY (Device or resource busy) [ 22.797561][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x555556850660, 24) = 0 [pid 363] chdir("./21") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] memfd_create("syzkaller", 0) = 3 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 363] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 363] close(3) = 0 [pid 363] close(4) = 0 [pid 363] mkdir("./file1", 0777) = 0 [pid 363] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 363] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 363] chdir("./file1") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 363] ioctl(4, LOOP_CLR_FD) = 0 [pid 363] close(4) = 0 [pid 363] chdir("./file0") = 0 [pid 363] creat("./bus", 000) = 4 [pid 363] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 363] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 363] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 363] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 363] exit_group(0) = ? [pid 363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/file1/lost+found") = 0 umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./21/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/file0") = 0 umount2("./21/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/file1") = 0 umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/file1/file0") = 0 umount2("./21/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file1") = 0 umount2("./21/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file2") = 0 umount2("./21/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file3") = 0 umount2("./21/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = -1 EBUSY (Device or resource busy) [ 22.827577][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.846378][ T363] loop0: detected capacity change from 0 to 1024 [ 22.853388][ T363] EXT4-fs: Ignoring removed orlov option [ 22.858912][ T363] EXT4-fs: Ignoring removed nomblk_io_submit option [ 22.867957][ T363] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 366 attached , child_tidptr=0x555556850650) = 366 [pid 366] set_robust_list(0x555556850660, 24) = 0 [pid 366] chdir("./22") = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 366] setpgid(0, 0) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 366] write(1, "executing program\n", 18executing program ) = 18 [pid 366] memfd_create("syzkaller", 0) = 3 [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 366] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 366] close(3) = 0 [pid 366] close(4) = 0 [pid 366] mkdir("./file1", 0777) = 0 [ 22.901369][ T293] EXT4-fs (loop0): unmounting filesystem. [ 22.919527][ T366] loop0: detected capacity change from 0 to 1024 [ 22.926699][ T366] EXT4-fs: Ignoring removed orlov option [ 22.932302][ T366] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 366] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 366] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 366] chdir("./file1") = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_CLR_FD) = 0 [pid 366] close(4) = 0 [pid 366] chdir("./file0") = 0 [pid 366] creat("./bus", 000) = 4 [pid 366] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 366] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 366] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 366] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 366] exit_group(0) = ? [pid 366] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/file1/lost+found") = 0 umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./22/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/file0") = 0 umount2("./22/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/file1") = 0 umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/file1/file0") = 0 umount2("./22/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file1") = 0 umount2("./22/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file2") = 0 umount2("./22/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file3") = 0 umount2("./22/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = -1 EBUSY (Device or resource busy) [ 22.947539][ T366] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555556850660, 24) = 0 [pid 369] chdir("./23") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 369] write(1, "executing program\n", 18) = 18 [pid 369] memfd_create("syzkaller", 0) = 3 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 369] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 369] close(3) = 0 [pid 369] close(4) = 0 [pid 369] mkdir("./file1", 0777) = 0 [ 22.980181][ T293] EXT4-fs (loop0): unmounting filesystem. [ 23.000786][ T369] loop0: detected capacity change from 0 to 1024 [ 23.008821][ T369] EXT4-fs: Ignoring removed orlov option [ 23.014441][ T369] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 369] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 369] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 369] chdir("./file1") = 0 [pid 369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 369] ioctl(4, LOOP_CLR_FD) = 0 [pid 369] close(4) = 0 [pid 369] chdir("./file0") = 0 [pid 369] creat("./bus", 000) = 4 [pid 369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 369] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 369] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 369] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 369] exit_group(0) = ? [pid 369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/file1/lost+found") = 0 umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./23/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/file0") = 0 umount2("./23/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/file1") = 0 umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/file1/file0") = 0 umount2("./23/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file1") = 0 umount2("./23/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file2") = 0 umount2("./23/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file3") = 0 umount2("./23/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = -1 EBUSY (Device or resource busy) umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 372 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x555556850660, 24) = 0 [pid 372] chdir("./24") = 0 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 372] setpgid(0, 0) = 0 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 372] write(3, "1000", 4) = 4 [pid 372] close(3) = 0 [pid 372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 372] write(1, "executing program\n", 18) = 18 [pid 372] memfd_create("syzkaller", 0) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 372] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 372] close(3) = 0 [pid 372] close(4) = 0 [pid 372] mkdir("./file1", 0777) = 0 [ 23.027573][ T369] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.055692][ T293] EXT4-fs (loop0): unmounting filesystem. [ 23.072197][ T372] loop0: detected capacity change from 0 to 1024 [pid 372] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 372] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 372] chdir("./file1") = 0 [pid 372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 372] ioctl(4, LOOP_CLR_FD) = 0 [pid 372] close(4) = 0 [pid 372] chdir("./file0") = 0 [pid 372] creat("./bus", 000) = 4 [pid 372] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 372] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 372] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 372] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 372] exit_group(0) = ? [pid 372] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=372, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/file1/lost+found") = 0 umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./24/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/file0") = 0 umount2("./24/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/file1") = 0 umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/file1/file0") = 0 umount2("./24/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file1") = 0 umount2("./24/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file2") = 0 umount2("./24/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file3") = 0 umount2("./24/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = -1 EBUSY (Device or resource busy) [ 23.079157][ T372] EXT4-fs: Ignoring removed orlov option [ 23.084644][ T372] EXT4-fs: Ignoring removed nomblk_io_submit option [ 23.099504][ T372] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 375 ./strace-static-x86_64: Process 375 attached [pid 375] set_robust_list(0x555556850660, 24) = 0 [pid 375] chdir("./25") = 0 [pid 375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 375] setpgid(0, 0) = 0 [pid 375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 375] write(3, "1000", 4) = 4 [pid 375] close(3) = 0 [pid 375] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 375] write(1, "executing program\n", 18) = 18 [pid 375] memfd_create("syzkaller", 0) = 3 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 375] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 375] close(3) = 0 [pid 375] close(4) = 0 [pid 375] mkdir("./file1", 0777) = 0 [ 23.126796][ T293] EXT4-fs (loop0): unmounting filesystem. [ 23.146813][ T375] loop0: detected capacity change from 0 to 1024 [ 23.154140][ T375] EXT4-fs: Ignoring removed orlov option [ 23.159969][ T375] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 375] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 375] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 375] chdir("./file1") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_CLR_FD) = 0 [pid 375] close(4) = 0 [pid 375] chdir("./file0") = 0 [pid 375] creat("./bus", 000) = 4 [pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 375] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 375] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 375] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 375] exit_group(0) = ? [pid 375] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=375, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/file1/lost+found") = 0 umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./25/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/file0") = 0 umount2("./25/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/file1") = 0 umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/file1/file0") = 0 umount2("./25/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file1") = 0 umount2("./25/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file2") = 0 umount2("./25/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file3") = 0 umount2("./25/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = -1 EBUSY (Device or resource busy) [ 23.177556][ T375] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 378 ./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x555556850660, 24) = 0 executing program [pid 378] chdir("./26") = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 378] setpgid(0, 0) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 378] write(3, "1000", 4) = 4 [pid 378] close(3) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 378] write(1, "executing program\n", 18) = 18 [pid 378] memfd_create("syzkaller", 0) = 3 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 378] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 378] close(3) = 0 [pid 378] close(4) = 0 [pid 378] mkdir("./file1", 0777) = 0 [ 23.210222][ T293] EXT4-fs (loop0): unmounting filesystem. [ 23.228122][ T378] loop0: detected capacity change from 0 to 1024 [ 23.235959][ T378] EXT4-fs: Ignoring removed orlov option [ 23.241938][ T378] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 378] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 378] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 378] chdir("./file1") = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_CLR_FD) = 0 [pid 378] close(4) = 0 [pid 378] chdir("./file0") = 0 [pid 378] creat("./bus", 000) = 4 [pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 378] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 378] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 378] exit_group(0) = ? [pid 378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/file1/lost+found") = 0 umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./26/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/file0") = 0 umount2("./26/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/file1") = 0 umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/file1/file0") = 0 umount2("./26/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file1") = 0 umount2("./26/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file2") = 0 umount2("./26/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file3") = 0 umount2("./26/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = -1 EBUSY (Device or resource busy) umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 381 ./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x555556850660, 24) = 0 [pid 381] chdir("./27") = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 381] setpgid(0, 0) = 0 [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 381] write(3, "1000", 4) = 4 [pid 381] close(3) = 0 [pid 381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 381] write(1, "executing program\n", 18) = 18 [pid 381] memfd_create("syzkaller", 0) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 381] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.257492][ T378] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.286288][ T293] EXT4-fs (loop0): unmounting filesystem. [pid 381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 381] close(3) = 0 [pid 381] close(4) = 0 [pid 381] mkdir("./file1", 0777) = 0 [pid 381] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 381] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 381] chdir("./file1") = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 381] ioctl(4, LOOP_CLR_FD) = 0 [pid 381] close(4) = 0 [pid 381] chdir("./file0") = 0 [pid 381] creat("./bus", 000) = 4 [pid 381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 381] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 381] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 381] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 381] exit_group(0) = ? [pid 381] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=381, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/file1/lost+found") = 0 umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./27/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/file0") = 0 umount2("./27/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/file1") = 0 umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/file1/file0") = 0 umount2("./27/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file1") = 0 umount2("./27/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file2") = 0 umount2("./27/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file3") = 0 umount2("./27/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = -1 EBUSY (Device or resource busy) [ 23.305292][ T381] loop0: detected capacity change from 0 to 1024 [ 23.312446][ T381] EXT4-fs: Ignoring removed orlov option [ 23.317971][ T381] EXT4-fs: Ignoring removed nomblk_io_submit option [ 23.327591][ T381] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x555556850660, 24) = 0 [pid 384] chdir("./28") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] write(1, "executing program\n", 18) = 18 [pid 384] memfd_create("syzkaller", 0) = 3 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 384] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 384] close(3) = 0 [pid 384] close(4) = 0 [pid 384] mkdir("./file1", 0777) = 0 [ 23.353535][ T293] EXT4-fs (loop0): unmounting filesystem. [ 23.369077][ T384] loop0: detected capacity change from 0 to 1024 [ 23.376008][ T384] EXT4-fs: Ignoring removed orlov option [ 23.381742][ T384] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 384] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 384] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 384] chdir("./file1") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 384] ioctl(4, LOOP_CLR_FD) = 0 [pid 384] close(4) = 0 [pid 384] chdir("./file0") = 0 [pid 384] creat("./bus", 000) = 4 [pid 384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 384] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 384] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 384] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 384] exit_group(0) = ? [pid 384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/file1/lost+found") = 0 umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./28/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/file0") = 0 umount2("./28/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/file1") = 0 umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/file1/file0") = 0 umount2("./28/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file1") = 0 umount2("./28/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file2") = 0 umount2("./28/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file3") = 0 umount2("./28/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = -1 EBUSY (Device or resource busy) [ 23.397510][ T384] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x555556850660, 24) = 0 [pid 387] chdir("./29") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] write(1, "executing program\n", 18) = 18 [pid 387] memfd_create("syzkaller", 0) = 3 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 387] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 387] close(3) = 0 [pid 387] close(4) = 0 [pid 387] mkdir("./file1", 0777) = 0 [pid 387] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 387] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 23.425160][ T293] EXT4-fs (loop0): unmounting filesystem. [ 23.441752][ T387] loop0: detected capacity change from 0 to 1024 [ 23.449269][ T387] EXT4-fs: Ignoring removed orlov option [ 23.454754][ T387] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 387] chdir("./file1") = 0 [pid 387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 387] ioctl(4, LOOP_CLR_FD) = 0 [pid 387] close(4) = 0 [pid 387] chdir("./file0") = 0 [pid 387] creat("./bus", 000) = 4 [pid 387] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 387] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 387] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 387] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 387] exit_group(0) = ? [pid 387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/file1/lost+found") = 0 umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./29/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/file0") = 0 umount2("./29/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/file1") = 0 umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/file1/file0") = 0 umount2("./29/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file1") = 0 umount2("./29/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file2") = 0 umount2("./29/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file3") = 0 umount2("./29/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = -1 EBUSY (Device or resource busy) [ 23.467603][ T387] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 390 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x555556850660, 24) = 0 [pid 390] chdir("./30") = 0 [pid 390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 390] setpgid(0, 0) = 0 [pid 390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 390] write(3, "1000", 4) = 4 [pid 390] close(3) = 0 [pid 390] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 390] write(1, "executing program\n", 18) = 18 [pid 390] memfd_create("syzkaller", 0) = 3 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 390] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 390] close(3) = 0 [pid 390] close(4) = 0 [pid 390] mkdir("./file1", 0777) = 0 [ 23.501357][ T293] EXT4-fs (loop0): unmounting filesystem. [ 23.519716][ T390] loop0: detected capacity change from 0 to 1024 [ 23.526948][ T390] EXT4-fs: Ignoring removed orlov option [ 23.532508][ T390] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 390] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 390] chdir("./file1") = 0 [pid 390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 390] ioctl(4, LOOP_CLR_FD) = 0 [pid 390] close(4) = 0 [pid 390] chdir("./file0") = 0 [pid 390] creat("./bus", 000) = 4 [pid 390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 390] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 390] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 390] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 390] exit_group(0) = ? [pid 390] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=390, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/file1/lost+found") = 0 umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./30/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/file0") = 0 umount2("./30/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/file1") = 0 umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/file1/file0") = 0 umount2("./30/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file1") = 0 umount2("./30/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file2") = 0 umount2("./30/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file3") = 0 umount2("./30/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = -1 EBUSY (Device or resource busy) [ 23.547483][ T390] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 393 ./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x555556850660, 24) = 0 [pid 393] chdir("./31") = 0 executing program [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 393] setpgid(0, 0) = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 393] write(1, "executing program\n", 18) = 18 [pid 393] memfd_create("syzkaller", 0) = 3 [pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 393] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 393] close(3) = 0 [pid 393] close(4) = 0 [pid 393] mkdir("./file1", 0777) = 0 [pid 393] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 393] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 393] chdir("./file1") = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 393] ioctl(4, LOOP_CLR_FD) = 0 [pid 393] close(4) = 0 [pid 393] chdir("./file0") = 0 [pid 393] creat("./bus", 000) = 4 [pid 393] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 393] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 393] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 393] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 393] exit_group(0) = ? [pid 393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/file1/lost+found") = 0 umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./31/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/file0") = 0 umount2("./31/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/file1") = 0 umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/file1/file0") = 0 umount2("./31/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file1") = 0 umount2("./31/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file2") = 0 umount2("./31/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file3") = 0 umount2("./31/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = -1 EBUSY (Device or resource busy) umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 397 ./strace-static-x86_64: Process 397 attached [ 23.575689][ T293] EXT4-fs (loop0): unmounting filesystem. [ 23.594823][ T393] loop0: detected capacity change from 0 to 1024 [ 23.602039][ T393] EXT4-fs: Ignoring removed orlov option [ 23.607938][ T393] EXT4-fs: Ignoring removed nomblk_io_submit option [ 23.617511][ T393] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 397] set_robust_list(0x555556850660, 24) = 0 [pid 397] chdir("./32") = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 397] setpgid(0, 0) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 397] write(3, "1000", 4) = 4 [pid 397] close(3) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 397] write(1, "executing program\n", 18executing program ) = 18 [pid 397] memfd_create("syzkaller", 0) = 3 [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 397] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 397] close(3) = 0 [pid 397] close(4) = 0 [pid 397] mkdir("./file1", 0777) = 0 [pid 397] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 397] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 397] chdir("./file1") = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_CLR_FD) = 0 [pid 397] close(4) = 0 [pid 397] chdir("./file0") = 0 [pid 397] creat("./bus", 000) = 4 [pid 397] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 397] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 397] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 397] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 397] exit_group(0) = ? [pid 397] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/file1/lost+found") = 0 umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./32/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/file0") = 0 umount2("./32/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/file1") = 0 umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/file1/file0") = 0 umount2("./32/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file1") = 0 umount2("./32/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file2") = 0 umount2("./32/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file3") = 0 umount2("./32/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = -1 EBUSY (Device or resource busy) umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x555556850660, 24) = 0 [pid 400] chdir("./33") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] write(1, "executing program\n", 18) = 18 [pid 400] memfd_create("syzkaller", 0) = 3 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 23.661913][ T397] loop0: detected capacity change from 0 to 1024 [ 23.669114][ T397] EXT4-fs: Ignoring removed orlov option [ 23.674599][ T397] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 400] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 400] close(3) = 0 [pid 400] close(4) = 0 [pid 400] mkdir("./file1", 0777) = 0 [pid 400] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 400] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 400] chdir("./file1") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 400] ioctl(4, LOOP_CLR_FD) = 0 [pid 400] close(4) = 0 [pid 400] chdir("./file0") = 0 [pid 400] creat("./bus", 000) = 4 [pid 400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 400] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 400] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 400] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 400] exit_group(0) = ? [pid 400] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/file1/lost+found") = 0 umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./33/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/file0") = 0 umount2("./33/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/file1") = 0 umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/file1/file0") = 0 umount2("./33/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file1") = 0 umount2("./33/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file2") = 0 umount2("./33/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file3") = 0 umount2("./33/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = -1 EBUSY (Device or resource busy) umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 403 ./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x555556850660, 24) = 0 [pid 403] chdir("./34") = 0 [pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 403] setpgid(0, 0) = 0 [pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 403] write(3, "1000", 4) = 4 [pid 403] close(3) = 0 [pid 403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 403] write(1, "executing program\n", 18) = 18 [pid 403] memfd_create("syzkaller", 0) = 3 [pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 403] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.726953][ T400] loop0: detected capacity change from 0 to 1024 [ 23.734153][ T400] EXT4-fs: Ignoring removed orlov option [ 23.739828][ T400] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 403] close(3) = 0 [pid 403] close(4) = 0 [pid 403] mkdir("./file1", 0777) = 0 [pid 403] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 403] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 403] chdir("./file1") = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 403] ioctl(4, LOOP_CLR_FD) = 0 [pid 403] close(4) = 0 [pid 403] chdir("./file0") = 0 [pid 403] creat("./bus", 000) = 4 [pid 403] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 403] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 403] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 403] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 403] exit_group(0) = ? [pid 403] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=403, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/file1/lost+found") = 0 umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./34/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/file0") = 0 umount2("./34/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/file1") = 0 umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/file1/file0") = 0 umount2("./34/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file1") = 0 umount2("./34/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file2") = 0 umount2("./34/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file3") = 0 umount2("./34/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = -1 EBUSY (Device or resource busy) umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 406 ./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x555556850660, 24) = 0 [pid 406] chdir("./35") = 0 [pid 406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 406] setpgid(0, 0) = 0 [pid 406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 406] write(3, "1000", 4) = 4 [pid 406] close(3) = 0 [pid 406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 406] write(1, "executing program\n", 18executing program ) = 18 [pid 406] memfd_create("syzkaller", 0) = 3 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 23.787787][ T403] loop0: detected capacity change from 0 to 1024 [ 23.795025][ T403] EXT4-fs: Ignoring removed orlov option [ 23.800611][ T403] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 406] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 406] close(3) = 0 [pid 406] close(4) = 0 [pid 406] mkdir("./file1", 0777) = 0 [pid 406] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 406] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 406] chdir("./file1") = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_CLR_FD) = 0 [pid 406] close(4) = 0 [pid 406] chdir("./file0") = 0 [pid 406] creat("./bus", 000) = 4 [pid 406] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 406] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 406] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 406] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 406] exit_group(0) = ? [pid 406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=406, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/file1/lost+found") = 0 umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./35/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/file0") = 0 umount2("./35/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/file1") = 0 umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/file1/file0") = 0 umount2("./35/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file1") = 0 umount2("./35/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file2") = 0 umount2("./35/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file3") = 0 umount2("./35/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = -1 EBUSY (Device or resource busy) umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 409 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x555556850660, 24) = 0 [pid 409] chdir("./36") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] write(1, "executing program\n", 18executing program ) = 18 [pid 409] memfd_create("syzkaller", 0) = 3 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 409] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.849871][ T406] loop0: detected capacity change from 0 to 1024 [ 23.857400][ T406] EXT4-fs: Ignoring removed orlov option [ 23.862887][ T406] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 409] close(3) = 0 [pid 409] close(4) = 0 [pid 409] mkdir("./file1", 0777) = 0 [pid 409] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 409] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 409] chdir("./file1") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 409] ioctl(4, LOOP_CLR_FD) = 0 [pid 409] close(4) = 0 [pid 409] chdir("./file0") = 0 [pid 409] creat("./bus", 000) = 4 [pid 409] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 409] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 409] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 409] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 409] exit_group(0) = ? [pid 409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=409, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/file1/lost+found") = 0 umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./36/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/file0") = 0 umount2("./36/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/file1") = 0 umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/file1/file0") = 0 umount2("./36/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file1") = 0 umount2("./36/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file2") = 0 umount2("./36/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file3") = 0 umount2("./36/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = -1 EBUSY (Device or resource busy) umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 [ 23.908331][ T409] loop0: detected capacity change from 0 to 1024 [ 23.915986][ T409] EXT4-fs: Ignoring removed orlov option [ 23.921604][ T409] EXT4-fs: Ignoring removed nomblk_io_submit option openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 412 ./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x555556850660, 24) = 0 [pid 412] chdir("./37") = 0 [pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 412] setpgid(0, 0) = 0 [pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 412] write(3, "1000", 4) = 4 [pid 412] close(3) = 0 [pid 412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 412] write(1, "executing program\n", 18executing program ) = 18 [pid 412] memfd_create("syzkaller", 0) = 3 [pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 412] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 412] close(3) = 0 [pid 412] close(4) = 0 [pid 412] mkdir("./file1", 0777) = 0 [pid 412] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 412] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 412] chdir("./file1") = 0 [pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 412] ioctl(4, LOOP_CLR_FD) = 0 [pid 412] close(4) = 0 [pid 412] chdir("./file0") = 0 [pid 412] creat("./bus", 000) = 4 [pid 412] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 412] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 412] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 412] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 412] exit_group(0) = ? [pid 412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=412, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/file1/lost+found") = 0 umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./37/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/file0") = 0 umount2("./37/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/file1") = 0 umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/file1/file0") = 0 umount2("./37/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file1") = 0 umount2("./37/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file2") = 0 umount2("./37/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file3") = 0 umount2("./37/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = -1 EBUSY (Device or resource busy) umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x555556850660, 24) = 0 [pid 415] chdir("./38") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 415] write(1, "executing program\n", 18) = 18 [pid 415] memfd_create("syzkaller", 0) = 3 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 415] munmap(0x7f9cfca3c000, 138412032) = 0 [ 23.977896][ T412] loop0: detected capacity change from 0 to 1024 [ 23.985827][ T412] EXT4-fs: Ignoring removed orlov option [ 23.991693][ T412] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 415] close(3) = 0 [pid 415] close(4) = 0 [pid 415] mkdir("./file1", 0777) = 0 [pid 415] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 415] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 415] chdir("./file1") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_CLR_FD) = 0 [pid 415] close(4) = 0 [pid 415] chdir("./file0") = 0 [pid 415] creat("./bus", 000) = 4 [pid 415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 415] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 415] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 415] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 415] exit_group(0) = ? [pid 415] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/file1/lost+found") = 0 umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./38/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/file0") = 0 umount2("./38/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/file1") = 0 umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/file1/file0") = 0 umount2("./38/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file1") = 0 umount2("./38/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file2") = 0 umount2("./38/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file3") = 0 umount2("./38/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = -1 EBUSY (Device or resource busy) [ 24.039465][ T415] loop0: detected capacity change from 0 to 1024 [ 24.047408][ T415] EXT4-fs: Ignoring removed orlov option [ 24.052942][ T415] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 418 ./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x555556850660, 24) = 0 [pid 418] chdir("./39") = 0 [pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 418] setpgid(0, 0) = 0 [pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 418] write(3, "1000", 4) = 4 [pid 418] close(3) = 0 [pid 418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 418] write(1, "executing program\n", 18executing program ) = 18 [pid 418] memfd_create("syzkaller", 0) = 3 [pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 418] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 418] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 418] close(3) = 0 [pid 418] close(4) = 0 [pid 418] mkdir("./file1", 0777) = 0 [pid 418] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 418] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 418] chdir("./file1") = 0 [pid 418] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 418] ioctl(4, LOOP_CLR_FD) = 0 [pid 418] close(4) = 0 [pid 418] chdir("./file0") = 0 [pid 418] creat("./bus", 000) = 4 [pid 418] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 418] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 418] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 418] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 418] exit_group(0) = ? [pid 418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/file1/lost+found") = 0 umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./39/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/file0") = 0 umount2("./39/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/file1") = 0 umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/file1/file0") = 0 umount2("./39/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file1") = 0 umount2("./39/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file2") = 0 umount2("./39/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file3") = 0 umount2("./39/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = -1 EBUSY (Device or resource busy) umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 421 ./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x555556850660, 24) = 0 [pid 421] chdir("./40") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 421] write(1, "executing program\n", 18) = 18 [pid 421] memfd_create("syzkaller", 0) = 3 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 421] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.113387][ T418] loop0: detected capacity change from 0 to 1024 [ 24.120816][ T418] EXT4-fs: Ignoring removed orlov option [ 24.126679][ T418] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 421] close(3) = 0 [pid 421] close(4) = 0 [pid 421] mkdir("./file1", 0777) = 0 [pid 421] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 421] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 421] chdir("./file1") = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 421] ioctl(4, LOOP_CLR_FD) = 0 [pid 421] close(4) = 0 [pid 421] chdir("./file0") = 0 [pid 421] creat("./bus", 000) = 4 [pid 421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 421] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 421] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 421] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 421] exit_group(0) = ? [pid 421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/file1/lost+found") = 0 umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./40/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/file0") = 0 umount2("./40/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/file1") = 0 umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/file1/file0") = 0 umount2("./40/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file1") = 0 umount2("./40/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file2") = 0 umount2("./40/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file3") = 0 umount2("./40/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = -1 EBUSY (Device or resource busy) umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x555556850660, 24) = 0 [pid 424] chdir("./41") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] write(1, "executing program\n", 18executing program ) = 18 [pid 424] memfd_create("syzkaller", 0) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 424] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.169037][ T421] loop0: detected capacity change from 0 to 1024 [ 24.176797][ T421] EXT4-fs: Ignoring removed orlov option [ 24.182355][ T421] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 424] close(3) = 0 [pid 424] close(4) = 0 [pid 424] mkdir("./file1", 0777) = 0 [pid 424] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 424] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 424] chdir("./file1") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 424] ioctl(4, LOOP_CLR_FD) = 0 [pid 424] close(4) = 0 [pid 424] chdir("./file0") = 0 [pid 424] creat("./bus", 000) = 4 [pid 424] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 424] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 424] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 424] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 424] exit_group(0) = ? [pid 424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/file1/lost+found") = 0 umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./41/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/file0") = 0 umount2("./41/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/file1") = 0 umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/file1/file0") = 0 umount2("./41/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file1") = 0 umount2("./41/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file2") = 0 umount2("./41/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file3") = 0 umount2("./41/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = -1 EBUSY (Device or resource busy) umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 427 ./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x555556850660, 24) = 0 [pid 427] chdir("./42") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 427] write(1, "executing program\n", 18) = 18 [pid 427] memfd_create("syzkaller", 0) = 3 [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 427] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.229998][ T424] loop0: detected capacity change from 0 to 1024 [ 24.239812][ T424] EXT4-fs: Ignoring removed orlov option [ 24.245292][ T424] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 427] close(3) = 0 [pid 427] close(4) = 0 [pid 427] mkdir("./file1", 0777) = 0 [pid 427] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 427] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 427] chdir("./file1") = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 427] ioctl(4, LOOP_CLR_FD) = 0 [pid 427] close(4) = 0 [pid 427] chdir("./file0") = 0 [pid 427] creat("./bus", 000) = 4 [pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 427] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 427] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 427] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 427] exit_group(0) = ? [pid 427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/file1/lost+found") = 0 umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./42/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/file0") = 0 umount2("./42/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/file1") = 0 umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/file1/file0") = 0 umount2("./42/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file1") = 0 umount2("./42/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file2") = 0 umount2("./42/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file3") = 0 umount2("./42/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = -1 EBUSY (Device or resource busy) umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x555556850660, 24) = 0 [pid 430] chdir("./43") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 executing program [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] write(1, "executing program\n", 18) = 18 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 430] munmap(0x7f9cfca3c000, 138412032) = 0 [ 24.290563][ T427] loop0: detected capacity change from 0 to 1024 [ 24.297893][ T427] EXT4-fs: Ignoring removed orlov option [ 24.303383][ T427] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 430] close(3) = 0 [pid 430] close(4) = 0 [pid 430] mkdir("./file1", 0777) = 0 [pid 430] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 430] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 430] chdir("./file1") = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 430] ioctl(4, LOOP_CLR_FD) = 0 [pid 430] close(4) = 0 [pid 430] chdir("./file0") = 0 [pid 430] creat("./bus", 000) = 4 [pid 430] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 430] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 430] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 430] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 430] exit_group(0) = ? [pid 430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/file1/lost+found") = 0 umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./43/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/file0") = 0 umount2("./43/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/file1") = 0 umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/file1/file0") = 0 umount2("./43/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file1") = 0 umount2("./43/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file2") = 0 umount2("./43/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file3") = 0 umount2("./43/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = -1 EBUSY (Device or resource busy) umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x555556850660, 24) = 0 [pid 433] chdir("./44") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] write(1, "executing program\n", 18) = 18 [pid 433] memfd_create("syzkaller", 0) = 3 [pid 433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 24.351892][ T430] loop0: detected capacity change from 0 to 1024 [ 24.359352][ T430] EXT4-fs: Ignoring removed orlov option [ 24.364846][ T430] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 433] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 433] close(3) = 0 [pid 433] close(4) = 0 [pid 433] mkdir("./file1", 0777) = 0 [pid 433] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 433] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 433] chdir("./file1") = 0 [pid 433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 433] ioctl(4, LOOP_CLR_FD) = 0 [pid 433] close(4) = 0 [pid 433] chdir("./file0") = 0 [pid 433] creat("./bus", 000) = 4 [pid 433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 433] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 433] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 433] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 433] exit_group(0) = ? [pid 433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/file1/lost+found") = 0 umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./44/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/file0") = 0 umount2("./44/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/file1") = 0 umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/file1/file0") = 0 umount2("./44/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file1") = 0 umount2("./44/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file2") = 0 umount2("./44/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file3") = 0 umount2("./44/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = -1 EBUSY (Device or resource busy) umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 436 ./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x555556850660, 24) = 0 [pid 436] chdir("./45") = 0 [pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 436] setpgid(0, 0) = 0 [pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 436] write(3, "1000", 4) = 4 [pid 436] close(3) = 0 [pid 436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 436] write(1, "executing program\n", 18) = 18 [pid 436] memfd_create("syzkaller", 0) = 3 [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 436] munmap(0x7f9cfca3c000, 138412032) = 0 [ 24.416731][ T433] loop0: detected capacity change from 0 to 1024 [ 24.424762][ T433] EXT4-fs: Ignoring removed orlov option [ 24.430423][ T433] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 436] close(3) = 0 [pid 436] close(4) = 0 [pid 436] mkdir("./file1", 0777) = 0 [pid 436] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 436] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 436] chdir("./file1") = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 436] ioctl(4, LOOP_CLR_FD) = 0 [pid 436] close(4) = 0 [pid 436] chdir("./file0") = 0 [pid 436] creat("./bus", 000) = 4 [pid 436] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 436] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 436] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 436] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 436] exit_group(0) = ? [pid 436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/file1/lost+found") = 0 umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./45/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/file0") = 0 umount2("./45/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/file1") = 0 umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/file1/file0") = 0 umount2("./45/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file1") = 0 umount2("./45/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file2") = 0 umount2("./45/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file3") = 0 umount2("./45/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = -1 EBUSY (Device or resource busy) [ 24.477830][ T436] loop0: detected capacity change from 0 to 1024 [ 24.485176][ T436] EXT4-fs: Ignoring removed orlov option [ 24.490713][ T436] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x555556850660, 24) = 0 [pid 439] chdir("./46") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18) = 18 [pid 439] memfd_create("syzkaller", 0) = 3 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 439] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 439] close(3) = 0 [pid 439] close(4) = 0 [pid 439] mkdir("./file1", 0777) = 0 [pid 439] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 439] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 439] chdir("./file1") = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 439] ioctl(4, LOOP_CLR_FD) = 0 [pid 439] close(4) = 0 [pid 439] chdir("./file0") = 0 [pid 439] creat("./bus", 000) = 4 [pid 439] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 439] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 439] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 439] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 439] exit_group(0) = ? [pid 439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/file1/lost+found") = 0 umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./46/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/file0") = 0 umount2("./46/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/file1") = 0 umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/file1/file0") = 0 umount2("./46/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file1") = 0 umount2("./46/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file2") = 0 umount2("./46/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file3") = 0 umount2("./46/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = -1 EBUSY (Device or resource busy) umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 442 ./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x555556850660, 24) = 0 [pid 442] chdir("./47") = 0 [pid 442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 442] setpgid(0, 0) = 0 [pid 442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 442] write(3, "1000", 4) = 4 [pid 442] close(3) = 0 [pid 442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 442] write(1, "executing program\n", 18executing program ) = 18 [pid 442] memfd_create("syzkaller", 0) = 3 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 24.553911][ T439] loop0: detected capacity change from 0 to 1024 [ 24.561325][ T439] EXT4-fs: Ignoring removed orlov option [ 24.566870][ T439] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 442] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 442] close(3) = 0 [pid 442] close(4) = 0 [pid 442] mkdir("./file1", 0777) = 0 [pid 442] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 442] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 442] chdir("./file1") = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 442] ioctl(4, LOOP_CLR_FD) = 0 [pid 442] close(4) = 0 [pid 442] chdir("./file0") = 0 [pid 442] creat("./bus", 000) = 4 [pid 442] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 442] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 442] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 442] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 442] exit_group(0) = ? [pid 442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=442, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/file1/lost+found") = 0 umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./47/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/file0") = 0 umount2("./47/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/file1") = 0 umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/file1/file0") = 0 umount2("./47/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file1") = 0 umount2("./47/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file2") = 0 umount2("./47/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file3") = 0 umount2("./47/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = -1 EBUSY (Device or resource busy) [ 24.618186][ T442] loop0: detected capacity change from 0 to 1024 [ 24.626131][ T442] EXT4-fs: Ignoring removed orlov option [ 24.631745][ T442] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 446 ./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x555556850660, 24) = 0 [pid 446] chdir("./48") = 0 [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 446] setpgid(0, 0) = 0 [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 446] write(3, "1000", 4) = 4 [pid 446] close(3) = 0 [pid 446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 446] write(1, "executing program\n", 18) = 18 [pid 446] memfd_create("syzkaller", 0) = 3 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 446] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 446] close(3) = 0 [pid 446] close(4) = 0 [pid 446] mkdir("./file1", 0777) = 0 [pid 446] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 446] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 446] chdir("./file1") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_CLR_FD) = 0 [pid 446] close(4) = 0 [pid 446] chdir("./file0") = 0 [pid 446] creat("./bus", 000) = 4 [pid 446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 446] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 446] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 446] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 446] exit_group(0) = ? [pid 446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=446, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/file1/lost+found") = 0 umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./48/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file0/file0") = 0 umount2("./48/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file0/file1") = 0 umount2("./48/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./48/file1/file0") = 0 umount2("./48/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file1") = 0 umount2("./48/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file2") = 0 umount2("./48/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file3") = 0 umount2("./48/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = -1 EBUSY (Device or resource busy) umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 449 ./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x555556850660, 24) = 0 [pid 449] chdir("./49") = 0 [pid 449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 449] setpgid(0, 0) = 0 [pid 449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 449] write(3, "1000", 4) = 4 [pid 449] close(3) = 0 [pid 449] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 449] write(1, "executing program\n", 18) = 18 [pid 449] memfd_create("syzkaller", 0) = 3 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 449] munmap(0x7f9cfca3c000, 138412032) = 0 [ 24.694419][ T446] loop0: detected capacity change from 0 to 1024 [ 24.702531][ T446] EXT4-fs: Ignoring removed orlov option [ 24.708280][ T446] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 449] close(3) = 0 [pid 449] close(4) = 0 [pid 449] mkdir("./file1", 0777) = 0 [pid 449] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 449] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 449] chdir("./file1") = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 449] ioctl(4, LOOP_CLR_FD) = 0 [pid 449] close(4) = 0 [pid 449] chdir("./file0") = 0 [pid 449] creat("./bus", 000) = 4 [pid 449] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 449] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 449] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 449] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 449] exit_group(0) = ? [pid 449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=449, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./49/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./49/file1/lost+found") = 0 umount2("./49/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./49/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/file1/file0/file0") = 0 umount2("./49/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/file1/file0/file1") = 0 umount2("./49/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./49/file1/file0") = 0 umount2("./49/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/file1/file1") = 0 umount2("./49/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/file1/file2") = 0 umount2("./49/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 24.755837][ T449] loop0: detected capacity change from 0 to 1024 [ 24.763194][ T449] EXT4-fs: Ignoring removed orlov option [ 24.769255][ T449] EXT4-fs: Ignoring removed nomblk_io_submit option unlink("./49/file1/file3") = 0 umount2("./49/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = -1 EBUSY (Device or resource busy) umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x555556850660, 24) = 0 [pid 452] chdir("./50") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 452] write(1, "executing program\n", 18executing program ) = 18 [pid 452] memfd_create("syzkaller", 0) = 3 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 452] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 452] close(3) = 0 [pid 452] close(4) = 0 [pid 452] mkdir("./file1", 0777) = 0 [pid 452] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 452] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 452] chdir("./file1") = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_CLR_FD) = 0 [pid 452] close(4) = 0 [pid 452] chdir("./file0") = 0 [pid 452] creat("./bus", 000) = 4 [pid 452] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 452] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 452] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 452] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 452] exit_group(0) = ? [pid 452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./50/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./50/file1/lost+found") = 0 umount2("./50/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./50/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/file1/file0/file0") = 0 umount2("./50/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/file1/file0/file1") = 0 umount2("./50/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./50/file1/file0") = 0 umount2("./50/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/file1/file1") = 0 umount2("./50/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/file1/file2") = 0 umount2("./50/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/file1/file3") = 0 umount2("./50/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = -1 EBUSY (Device or resource busy) [ 24.835809][ T452] loop0: detected capacity change from 0 to 1024 [ 24.844549][ T452] EXT4-fs: Ignoring removed orlov option [ 24.850150][ T452] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x555556850660, 24) = 0 [pid 455] chdir("./51") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 455] write(1, "executing program\n", 18) = 18 [pid 455] memfd_create("syzkaller", 0) = 3 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 455] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 455] close(3) = 0 [pid 455] close(4) = 0 [pid 455] mkdir("./file1", 0777) = 0 [pid 455] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 455] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 455] chdir("./file1") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 455] ioctl(4, LOOP_CLR_FD) = 0 [pid 455] close(4) = 0 [pid 455] chdir("./file0") = 0 [pid 455] creat("./bus", 000) = 4 [pid 455] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 455] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 455] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 455] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 455] exit_group(0) = ? [pid 455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./51/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./51/file1/lost+found") = 0 umount2("./51/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./51/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/file1/file0/file0") = 0 umount2("./51/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/file1/file0/file1") = 0 umount2("./51/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./51/file1/file0") = 0 umount2("./51/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/file1/file1") = 0 umount2("./51/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/file1/file2") = 0 umount2("./51/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/file1/file3") = 0 umount2("./51/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = -1 EBUSY (Device or resource busy) umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 458 ./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x555556850660, 24) = 0 [pid 458] chdir("./52") = 0 [pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 24.911012][ T455] loop0: detected capacity change from 0 to 1024 [ 24.919163][ T455] EXT4-fs: Ignoring removed orlov option [ 24.924715][ T455] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 458] setpgid(0, 0executing program ) = 0 [pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 458] write(3, "1000", 4) = 4 [pid 458] close(3) = 0 [pid 458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 458] write(1, "executing program\n", 18) = 18 [pid 458] memfd_create("syzkaller", 0) = 3 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 458] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 458] close(3) = 0 [pid 458] close(4) = 0 [pid 458] mkdir("./file1", 0777) = 0 [pid 458] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 458] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 458] chdir("./file1") = 0 [pid 458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 458] ioctl(4, LOOP_CLR_FD) = 0 [pid 458] close(4) = 0 [pid 458] chdir("./file0") = 0 [pid 458] creat("./bus", 000) = 4 [pid 458] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 458] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 458] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 458] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 458] exit_group(0) = ? [pid 458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=458, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./52/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./52/file1/lost+found") = 0 umount2("./52/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./52/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/file1/file0/file0") = 0 umount2("./52/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/file1/file0/file1") = 0 umount2("./52/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./52/file1/file0") = 0 umount2("./52/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/file1/file1") = 0 umount2("./52/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/file1/file2") = 0 umount2("./52/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/file1/file3") = 0 umount2("./52/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = -1 EBUSY (Device or resource busy) [ 24.976678][ T458] loop0: detected capacity change from 0 to 1024 [ 24.984186][ T458] EXT4-fs: Ignoring removed orlov option [ 24.990330][ T458] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 462 ./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x555556850660, 24) = 0 [pid 462] chdir("./53") = 0 [pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 462] setpgid(0, 0) = 0 [pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 462] write(3, "1000", 4) = 4 [pid 462] close(3) = 0 [pid 462] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 462] write(1, "executing program\n", 18) = 18 [pid 462] memfd_create("syzkaller", 0) = 3 [pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 462] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 462] close(3) = 0 [pid 462] close(4) = 0 [pid 462] mkdir("./file1", 0777) = 0 [pid 462] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 462] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 462] chdir("./file1") = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_CLR_FD) = 0 [pid 462] close(4) = 0 [pid 462] chdir("./file0") = 0 [pid 462] creat("./bus", 000) = 4 [pid 462] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 462] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 462] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 462] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 462] exit_group(0) = ? [pid 462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./53/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./53/file1/lost+found") = 0 umount2("./53/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./53/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/file1/file0/file0") = 0 umount2("./53/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/file1/file0/file1") = 0 umount2("./53/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./53/file1/file0") = 0 umount2("./53/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/file1/file1") = 0 umount2("./53/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/file1/file2") = 0 umount2("./53/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/file1/file3") = 0 umount2("./53/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = -1 EBUSY (Device or resource busy) umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x555556850660, 24) = 0 [pid 465] chdir("./54") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 465] write(1, "executing program\n", 18executing program ) = 18 [pid 465] memfd_create("syzkaller", 0) = 3 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 465] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.044310][ T462] loop0: detected capacity change from 0 to 1024 [ 25.051619][ T462] EXT4-fs: Ignoring removed orlov option [ 25.057168][ T462] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 465] close(3) = 0 [pid 465] close(4) = 0 [pid 465] mkdir("./file1", 0777) = 0 [pid 465] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 465] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 465] chdir("./file1") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 465] ioctl(4, LOOP_CLR_FD) = 0 [pid 465] close(4) = 0 [pid 465] chdir("./file0") = 0 [pid 465] creat("./bus", 000) = 4 [pid 465] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 465] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 465] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 465] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 465] exit_group(0) = ? [pid 465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./54/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./54/file1/lost+found") = 0 umount2("./54/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./54/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/file1/file0/file0") = 0 umount2("./54/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/file1/file0/file1") = 0 umount2("./54/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./54/file1/file0") = 0 umount2("./54/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/file1/file1") = 0 umount2("./54/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/file1/file2") = 0 umount2("./54/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/file1/file3") = 0 umount2("./54/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = -1 EBUSY (Device or resource busy) umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 468 ./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x555556850660, 24) = 0 [pid 468] chdir("./55") = 0 [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 468] setpgid(0, 0) = 0 [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 468] write(3, "1000", 4) = 4 [pid 468] close(3) = 0 [pid 468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 468] write(1, "executing program\n", 18) = 18 [pid 468] memfd_create("syzkaller", 0) = 3 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 25.098870][ T465] loop0: detected capacity change from 0 to 1024 [ 25.105957][ T465] EXT4-fs: Ignoring removed orlov option [ 25.111619][ T465] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 468] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 468] close(3) = 0 [pid 468] close(4) = 0 [pid 468] mkdir("./file1", 0777) = 0 [pid 468] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 468] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 468] chdir("./file1") = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_CLR_FD) = 0 [pid 468] close(4) = 0 [pid 468] chdir("./file0") = 0 [pid 468] creat("./bus", 000) = 4 [pid 468] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 468] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 468] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 468] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 468] exit_group(0) = ? [pid 468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./55/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./55/file1/lost+found") = 0 umount2("./55/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./55/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/file1/file0/file0") = 0 umount2("./55/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/file1/file0/file1") = 0 umount2("./55/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./55/file1/file0") = 0 umount2("./55/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/file1/file1") = 0 umount2("./55/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/file1/file2") = 0 umount2("./55/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/file1/file3") = 0 umount2("./55/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = -1 EBUSY (Device or resource busy) umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 471 ./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x555556850660, 24) = 0 [pid 471] chdir("./56") = 0 [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 471] setpgid(0, 0) = 0 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 471] write(3, "1000", 4) = 4 [pid 471] close(3) = 0 [pid 471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 471] write(1, "executing program\n", 18executing program ) = 18 [pid 471] memfd_create("syzkaller", 0) = 3 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 471] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.164129][ T468] loop0: detected capacity change from 0 to 1024 [ 25.172990][ T468] EXT4-fs: Ignoring removed orlov option [ 25.178804][ T468] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 471] close(3) = 0 [pid 471] close(4) = 0 [pid 471] mkdir("./file1", 0777) = 0 [pid 471] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 471] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 471] chdir("./file1") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 471] ioctl(4, LOOP_CLR_FD) = 0 [pid 471] close(4) = 0 [pid 471] chdir("./file0") = 0 [pid 471] creat("./bus", 000) = 4 [pid 471] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 471] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 471] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 471] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 471] exit_group(0) = ? [pid 471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./56/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./56/file1/lost+found") = 0 umount2("./56/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./56/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/file1/file0/file0") = 0 umount2("./56/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/file1/file0/file1") = 0 umount2("./56/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./56/file1/file0") = 0 umount2("./56/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/file1/file1") = 0 umount2("./56/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/file1/file2") = 0 umount2("./56/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/file1/file3") = 0 umount2("./56/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = -1 EBUSY (Device or resource busy) umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 25.220985][ T471] loop0: detected capacity change from 0 to 1024 [ 25.228816][ T471] EXT4-fs: Ignoring removed orlov option [ 25.234423][ T471] EXT4-fs: Ignoring removed nomblk_io_submit option close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 474 ./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x555556850660, 24) = 0 [pid 474] chdir("./57") = 0 [pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 474] setpgid(0, 0) = 0 [pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 474] write(3, "1000", 4) = 4 [pid 474] close(3) = 0 [pid 474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 474] write(1, "executing program\n", 18executing program ) = 18 [pid 474] memfd_create("syzkaller", 0) = 3 [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 474] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 474] close(3) = 0 [pid 474] close(4) = 0 [pid 474] mkdir("./file1", 0777) = 0 [pid 474] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 474] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 474] chdir("./file1") = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 474] ioctl(4, LOOP_CLR_FD) = 0 [pid 474] close(4) = 0 [pid 474] chdir("./file0") = 0 [pid 474] creat("./bus", 000) = 4 [pid 474] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 474] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 474] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 474] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 474] exit_group(0) = ? [pid 474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./57/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./57/file1/lost+found") = 0 umount2("./57/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./57/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/file1/file0/file0") = 0 umount2("./57/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/file1/file0/file1") = 0 umount2("./57/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./57/file1/file0") = 0 umount2("./57/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/file1/file1") = 0 umount2("./57/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/file1/file2") = 0 umount2("./57/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/file1/file3") = 0 umount2("./57/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = -1 EBUSY (Device or resource busy) umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 477 ./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x555556850660, 24) = 0 [pid 477] chdir("./58") = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] setpgid(0, 0) = 0 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 477] write(3, "1000", 4) = 4 [pid 477] close(3) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 477] write(1, "executing program\n", 18executing program ) = 18 [pid 477] memfd_create("syzkaller", 0) = 3 [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 477] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.290509][ T474] loop0: detected capacity change from 0 to 1024 [ 25.297735][ T474] EXT4-fs: Ignoring removed orlov option [ 25.303226][ T474] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 477] close(3) = 0 [pid 477] close(4) = 0 [pid 477] mkdir("./file1", 0777) = 0 [pid 477] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 477] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 477] chdir("./file1") = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 477] ioctl(4, LOOP_CLR_FD) = 0 [pid 477] close(4) = 0 [pid 477] chdir("./file0") = 0 [pid 477] creat("./bus", 000) = 4 [pid 477] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 477] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 477] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 477] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 477] exit_group(0) = ? [pid 477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./58/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./58/file1/lost+found") = 0 umount2("./58/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./58/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/file1/file0/file0") = 0 umount2("./58/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/file1/file0/file1") = 0 umount2("./58/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./58/file1/file0") = 0 umount2("./58/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/file1/file1") = 0 umount2("./58/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/file1/file2") = 0 umount2("./58/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/file1/file3") = 0 umount2("./58/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = -1 EBUSY (Device or resource busy) umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 480 ./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x555556850660, 24) = 0 [pid 480] chdir("./59") = 0 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 480] setpgid(0, 0) = 0 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 480] write(3, "1000", 4) = 4 [pid 480] close(3) = 0 [pid 480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 480] write(1, "executing program\n", 18executing program ) = 18 [pid 480] memfd_create("syzkaller", 0) = 3 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 25.350841][ T477] loop0: detected capacity change from 0 to 1024 [ 25.358544][ T477] EXT4-fs: Ignoring removed orlov option [ 25.364051][ T477] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 480] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 480] close(3) = 0 [pid 480] close(4) = 0 [pid 480] mkdir("./file1", 0777) = 0 [pid 480] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 480] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 480] chdir("./file1") = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 480] ioctl(4, LOOP_CLR_FD) = 0 [pid 480] close(4) = 0 [pid 480] chdir("./file0") = 0 [pid 480] creat("./bus", 000) = 4 [pid 480] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 480] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 480] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 480] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 480] exit_group(0) = ? [pid 480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./59/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./59/file1/lost+found") = 0 umount2("./59/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./59/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/file1/file0/file0") = 0 umount2("./59/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/file1/file0/file1") = 0 umount2("./59/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./59/file1/file0") = 0 umount2("./59/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/file1/file1") = 0 umount2("./59/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/file1/file2") = 0 umount2("./59/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/file1/file3") = 0 umount2("./59/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = -1 EBUSY (Device or resource busy) umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 483 ./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x555556850660, 24) = 0 [pid 483] chdir("./60") = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 483] write(1, "executing program\n", 18) = 18 [pid 483] memfd_create("syzkaller", 0) = 3 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 25.413508][ T480] loop0: detected capacity change from 0 to 1024 [ 25.421118][ T480] EXT4-fs: Ignoring removed orlov option [ 25.426782][ T480] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 483] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 483] close(3) = 0 [pid 483] close(4) = 0 [pid 483] mkdir("./file1", 0777) = 0 [pid 483] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 483] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 483] chdir("./file1") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_CLR_FD) = 0 [pid 483] close(4) = 0 [pid 483] chdir("./file0") = 0 [pid 483] creat("./bus", 000) = 4 [pid 483] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 483] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 483] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 483] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 483] exit_group(0) = ? [pid 483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=483, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./60/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./60/file1/lost+found") = 0 umount2("./60/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./60/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/file1/file0/file0") = 0 umount2("./60/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/file1/file0/file1") = 0 umount2("./60/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./60/file1/file0") = 0 umount2("./60/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/file1/file1") = 0 umount2("./60/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/file1/file2") = 0 umount2("./60/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/file1/file3") = 0 umount2("./60/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = -1 EBUSY (Device or resource busy) umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 [ 25.475477][ T483] loop0: detected capacity change from 0 to 1024 [ 25.484499][ T483] EXT4-fs: Ignoring removed orlov option [ 25.490095][ T483] EXT4-fs: Ignoring removed nomblk_io_submit option mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 486 ./strace-static-x86_64: Process 486 attached [pid 486] set_robust_list(0x555556850660, 24) = 0 [pid 486] chdir("./61") = 0 [pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 486] setpgid(0, 0) = 0 [pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 486] write(3, "1000", 4) = 4 [pid 486] close(3) = 0 [pid 486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 486] write(1, "executing program\n", 18executing program ) = 18 [pid 486] memfd_create("syzkaller", 0) = 3 [pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 486] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 486] close(3) = 0 [pid 486] close(4) = 0 [pid 486] mkdir("./file1", 0777) = 0 [pid 486] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 486] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 486] chdir("./file1") = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 486] ioctl(4, LOOP_CLR_FD) = 0 [pid 486] close(4) = 0 [pid 486] chdir("./file0") = 0 [pid 486] creat("./bus", 000) = 4 [pid 486] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 486] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 486] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 486] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 486] exit_group(0) = ? [pid 486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=486, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./61/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./61/file1/lost+found") = 0 umount2("./61/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./61/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/file1/file0/file0") = 0 umount2("./61/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/file1/file0/file1") = 0 umount2("./61/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./61/file1/file0") = 0 umount2("./61/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/file1/file1") = 0 umount2("./61/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/file1/file2") = 0 umount2("./61/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/file1/file3") = 0 umount2("./61/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = -1 EBUSY (Device or resource busy) umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 [ 25.546229][ T486] loop0: detected capacity change from 0 to 1024 [ 25.554298][ T486] EXT4-fs: Ignoring removed orlov option [ 25.560079][ T486] EXT4-fs: Ignoring removed nomblk_io_submit option mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x555556850660, 24) = 0 [pid 489] chdir("./62") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] write(1, "executing program\n", 18executing program ) = 18 [pid 489] memfd_create("syzkaller", 0) = 3 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 489] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 489] close(3) = 0 [pid 489] close(4) = 0 [pid 489] mkdir("./file1", 0777) = 0 [pid 489] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 489] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 489] chdir("./file1") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 489] ioctl(4, LOOP_CLR_FD) = 0 [pid 489] close(4) = 0 [pid 489] chdir("./file0") = 0 [pid 489] creat("./bus", 000) = 4 [pid 489] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 489] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 489] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 489] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 489] exit_group(0) = ? [pid 489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./62/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./62/file1/lost+found") = 0 umount2("./62/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./62/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/file1/file0/file0") = 0 umount2("./62/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/file1/file0/file1") = 0 umount2("./62/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./62/file1/file0") = 0 umount2("./62/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/file1/file1") = 0 umount2("./62/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/file1/file2") = 0 umount2("./62/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/file1/file3") = 0 [ 25.616699][ T489] loop0: detected capacity change from 0 to 1024 [ 25.624445][ T489] EXT4-fs: Ignoring removed orlov option [ 25.630061][ T489] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./62/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = -1 EBUSY (Device or resource busy) umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 493 ./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x555556850660, 24) = 0 [pid 493] chdir("./63") = 0 [pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 493] setpgid(0, 0) = 0 [pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 493] write(3, "1000", 4) = 4 [pid 493] close(3) = 0 [pid 493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 493] write(1, "executing program\n", 18) = 18 [pid 493] memfd_create("syzkaller", 0) = 3 [pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 493] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 493] close(3) = 0 [pid 493] close(4) = 0 [pid 493] mkdir("./file1", 0777) = 0 [pid 493] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 493] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 493] chdir("./file1") = 0 [pid 493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 493] ioctl(4, LOOP_CLR_FD) = 0 [pid 493] close(4) = 0 [pid 493] chdir("./file0") = 0 [pid 493] creat("./bus", 000) = 4 [pid 493] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 493] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 493] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 493] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 493] exit_group(0) = ? [pid 493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./63/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./63/file1/lost+found") = 0 umount2("./63/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./63/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/file1/file0/file0") = 0 umount2("./63/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/file1/file0/file1") = 0 umount2("./63/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./63/file1/file0") = 0 umount2("./63/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/file1/file1") = 0 umount2("./63/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/file1/file2") = 0 umount2("./63/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/file1/file3") = 0 umount2("./63/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = -1 EBUSY (Device or resource busy) umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 496 ./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x555556850660, 24) = 0 [pid 496] chdir("./64") = 0 [pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 496] setpgid(0, 0) = 0 [pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 496] write(3, "1000", 4) = 4 [pid 496] close(3) = 0 [pid 496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 496] write(1, "executing program\n", 18executing program ) = 18 [pid 496] memfd_create("syzkaller", 0) = 3 [ 25.692144][ T493] loop0: detected capacity change from 0 to 1024 [ 25.699770][ T493] EXT4-fs: Ignoring removed orlov option [ 25.705477][ T493] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 496] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 496] close(3) = 0 [pid 496] close(4) = 0 [pid 496] mkdir("./file1", 0777) = 0 [pid 496] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 496] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 496] chdir("./file1") = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 496] ioctl(4, LOOP_CLR_FD) = 0 [pid 496] close(4) = 0 [pid 496] chdir("./file0") = 0 [pid 496] creat("./bus", 000) = 4 [pid 496] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 496] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 496] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 496] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 496] exit_group(0) = ? [pid 496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./64/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./64/file1/lost+found") = 0 umount2("./64/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./64/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/file1/file0/file0") = 0 umount2("./64/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/file1/file0/file1") = 0 umount2("./64/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./64/file1/file0") = 0 umount2("./64/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/file1/file1") = 0 umount2("./64/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/file1/file2") = 0 umount2("./64/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/file1/file3") = 0 umount2("./64/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = -1 EBUSY (Device or resource busy) umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 499 ./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x555556850660, 24) = 0 [pid 499] chdir("./65") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 499] write(1, "executing program\n", 18executing program ) = 18 [pid 499] memfd_create("syzkaller", 0) = 3 [pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 499] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.755669][ T496] loop0: detected capacity change from 0 to 1024 [ 25.762751][ T496] EXT4-fs: Ignoring removed orlov option [ 25.768318][ T496] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 499] close(3) = 0 [pid 499] close(4) = 0 [pid 499] mkdir("./file1", 0777) = 0 [pid 499] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 499] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 499] chdir("./file1") = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 499] ioctl(4, LOOP_CLR_FD) = 0 [pid 499] close(4) = 0 [pid 499] chdir("./file0") = 0 [pid 499] creat("./bus", 000) = 4 [pid 499] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 499] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 499] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 499] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 499] exit_group(0) = ? [pid 499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=499, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./65/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./65/file1/lost+found") = 0 umount2("./65/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./65/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/file1/file0/file0") = 0 umount2("./65/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/file1/file0/file1") = 0 umount2("./65/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./65/file1/file0") = 0 umount2("./65/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/file1/file1") = 0 umount2("./65/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/file1/file2") = 0 umount2("./65/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/file1/file3") = 0 umount2("./65/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = -1 EBUSY (Device or resource busy) umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 502 ./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x555556850660, 24) = 0 [pid 502] chdir("./66") = 0 [pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 502] setpgid(0, 0) = 0 [pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 502] write(3, "1000", 4) = 4 [pid 502] close(3) = 0 [pid 502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 502] write(1, "executing program\n", 18) = 18 [pid 502] memfd_create("syzkaller", 0) = 3 [pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 502] munmap(0x7f9cfca3c000, 138412032) = 0 [ 25.809828][ T499] loop0: detected capacity change from 0 to 1024 [ 25.817519][ T499] EXT4-fs: Ignoring removed orlov option [ 25.823036][ T499] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 502] close(3) = 0 [pid 502] close(4) = 0 [pid 502] mkdir("./file1", 0777) = 0 [pid 502] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 502] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 502] chdir("./file1") = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 502] ioctl(4, LOOP_CLR_FD) = 0 [pid 502] close(4) = 0 [pid 502] chdir("./file0") = 0 [pid 502] creat("./bus", 000) = 4 [pid 502] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 502] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 502] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 502] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 502] exit_group(0) = ? [pid 502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=502, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./66/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./66/file1/lost+found") = 0 umount2("./66/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./66/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/file1/file0/file0") = 0 umount2("./66/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/file1/file0/file1") = 0 umount2("./66/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./66/file1/file0") = 0 umount2("./66/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/file1/file1") = 0 umount2("./66/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/file1/file2") = 0 umount2("./66/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/file1/file3") = 0 umount2("./66/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = -1 EBUSY (Device or resource busy) umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x555556850660, 24) = 0 [pid 505] chdir("./67") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 505] write(1, "executing program\n", 18) = 18 [pid 505] memfd_create("syzkaller", 0) = 3 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 505] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.870615][ T502] loop0: detected capacity change from 0 to 1024 [ 25.878426][ T502] EXT4-fs: Ignoring removed orlov option [ 25.883947][ T502] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 505] close(3) = 0 [pid 505] close(4) = 0 [pid 505] mkdir("./file1", 0777) = 0 [pid 505] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 505] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 505] chdir("./file1") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 505] ioctl(4, LOOP_CLR_FD) = 0 [pid 505] close(4) = 0 [pid 505] chdir("./file0") = 0 [pid 505] creat("./bus", 000) = 4 [pid 505] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 505] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 505] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 505] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 505] exit_group(0) = ? [pid 505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./67/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./67/file1/lost+found") = 0 umount2("./67/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./67/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/file1/file0/file0") = 0 umount2("./67/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/file1/file0/file1") = 0 umount2("./67/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./67/file1/file0") = 0 umount2("./67/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/file1/file1") = 0 umount2("./67/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/file1/file2") = 0 umount2("./67/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/file1/file3") = 0 umount2("./67/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = -1 EBUSY (Device or resource busy) umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 508 ./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x555556850660, 24) = 0 [pid 508] chdir("./68") = 0 [pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 508] setpgid(0, 0) = 0 [pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 508] write(3, "1000", 4) = 4 [pid 508] close(3) = 0 [pid 508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 508] write(1, "executing program\n", 18) = 18 [pid 508] memfd_create("syzkaller", 0) = 3 [pid 508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 25.929300][ T505] loop0: detected capacity change from 0 to 1024 [ 25.936382][ T505] EXT4-fs: Ignoring removed orlov option [ 25.941919][ T505] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 508] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 508] close(3) = 0 [pid 508] close(4) = 0 [pid 508] mkdir("./file1", 0777) = 0 [pid 508] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 508] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 508] chdir("./file1") = 0 [pid 508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 508] ioctl(4, LOOP_CLR_FD) = 0 [pid 508] close(4) = 0 [pid 508] chdir("./file0") = 0 [pid 508] creat("./bus", 000) = 4 [pid 508] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 508] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 508] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 508] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 508] exit_group(0) = ? [pid 508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./68/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./68/file1/lost+found") = 0 umount2("./68/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./68/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/file1/file0/file0") = 0 umount2("./68/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/file1/file0/file1") = 0 umount2("./68/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./68/file1/file0") = 0 umount2("./68/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/file1/file1") = 0 umount2("./68/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/file1/file2") = 0 umount2("./68/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/file1/file3") = 0 umount2("./68/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = -1 EBUSY (Device or resource busy) umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 511 ./strace-static-x86_64: Process 511 attached [pid 511] set_robust_list(0x555556850660, 24) = 0 [pid 511] chdir("./69") = 0 [pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 511] setpgid(0, 0) = 0 [pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 511] write(3, "1000", 4) = 4 [pid 511] close(3) = 0 [pid 511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 511] write(1, "executing program\n", 18executing program ) = 18 [pid 511] memfd_create("syzkaller", 0) = 3 [pid 511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 511] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.991499][ T508] loop0: detected capacity change from 0 to 1024 [ 25.998589][ T508] EXT4-fs: Ignoring removed orlov option [ 26.004070][ T508] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 511] close(3) = 0 [pid 511] close(4) = 0 [pid 511] mkdir("./file1", 0777) = 0 [pid 511] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 511] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 511] chdir("./file1") = 0 [pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 511] ioctl(4, LOOP_CLR_FD) = 0 [pid 511] close(4) = 0 [pid 511] chdir("./file0") = 0 [pid 511] creat("./bus", 000) = 4 [pid 511] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 511] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 511] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 511] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 511] exit_group(0) = ? [pid 511] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=511, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./69/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./69/file1/lost+found") = 0 umount2("./69/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./69/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/file1/file0/file0") = 0 umount2("./69/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/file1/file0/file1") = 0 umount2("./69/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./69/file1/file0") = 0 umount2("./69/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/file1/file1") = 0 umount2("./69/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/file1/file2") = 0 umount2("./69/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/file1/file3") = 0 umount2("./69/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = -1 EBUSY (Device or resource busy) umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 514 attached , child_tidptr=0x555556850650) = 514 [pid 514] set_robust_list(0x555556850660, 24) = 0 [pid 514] chdir("./70") = 0 [pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 514] setpgid(0, 0) = 0 [pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 514] write(3, "1000", 4) = 4 [pid 514] close(3) = 0 [pid 514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 514] write(1, "executing program\n", 18executing program ) = 18 [pid 514] memfd_create("syzkaller", 0) = 3 [ 26.047195][ T511] loop0: detected capacity change from 0 to 1024 [ 26.054237][ T511] EXT4-fs: Ignoring removed orlov option [ 26.059888][ T511] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 514] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 514] close(3) = 0 [pid 514] close(4) = 0 [pid 514] mkdir("./file1", 0777) = 0 [pid 514] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 514] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 514] chdir("./file1") = 0 [pid 514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 514] ioctl(4, LOOP_CLR_FD) = 0 [pid 514] close(4) = 0 [pid 514] chdir("./file0") = 0 [pid 514] creat("./bus", 000) = 4 [pid 514] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 514] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 514] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 514] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 514] exit_group(0) = ? [pid 514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./70/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./70/file1/lost+found") = 0 umount2("./70/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./70/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/file1/file0/file0") = 0 umount2("./70/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/file1/file0/file1") = 0 umount2("./70/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./70/file1/file0") = 0 umount2("./70/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/file1/file1") = 0 umount2("./70/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/file1/file2") = 0 umount2("./70/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/file1/file3") = 0 umount2("./70/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = -1 EBUSY (Device or resource busy) umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./70/file1") = 0 [ 26.112050][ T514] loop0: detected capacity change from 0 to 1024 [ 26.119926][ T514] EXT4-fs: Ignoring removed orlov option [ 26.125588][ T514] EXT4-fs: Ignoring removed nomblk_io_submit option getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 517 ./strace-static-x86_64: Process 517 attached [pid 517] set_robust_list(0x555556850660, 24) = 0 [pid 517] chdir("./71") = 0 [pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 517] setpgid(0, 0) = 0 [pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 517] write(3, "1000", 4) = 4 [pid 517] close(3) = 0 [pid 517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 517] write(1, "executing program\n", 18executing program ) = 18 [pid 517] memfd_create("syzkaller", 0) = 3 [pid 517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 517] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 517] close(3) = 0 [pid 517] close(4) = 0 [pid 517] mkdir("./file1", 0777) = 0 [pid 517] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 517] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 517] chdir("./file1") = 0 [pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 517] ioctl(4, LOOP_CLR_FD) = 0 [pid 517] close(4) = 0 [pid 517] chdir("./file0") = 0 [pid 517] creat("./bus", 000) = 4 [pid 517] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 517] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 517] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 517] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 517] exit_group(0) = ? [pid 517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=517, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./71/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./71/file1/lost+found") = 0 umount2("./71/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./71/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/file1/file0/file0") = 0 umount2("./71/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/file1/file0/file1") = 0 umount2("./71/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./71/file1/file0") = 0 umount2("./71/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/file1/file1") = 0 umount2("./71/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/file1/file2") = 0 umount2("./71/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/file1/file3") = 0 umount2("./71/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = -1 EBUSY (Device or resource busy) umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x555556850660, 24) = 0 [pid 520] chdir("./72") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] write(1, "executing program\n", 18executing program ) = 18 [pid 520] memfd_create("syzkaller", 0) = 3 [pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 26.183116][ T517] loop0: detected capacity change from 0 to 1024 [ 26.190237][ T517] EXT4-fs: Ignoring removed orlov option [ 26.195831][ T517] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 520] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 520] close(3) = 0 [pid 520] close(4) = 0 [pid 520] mkdir("./file1", 0777) = 0 [pid 520] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 520] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 520] chdir("./file1") = 0 [pid 520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 520] ioctl(4, LOOP_CLR_FD) = 0 [pid 520] close(4) = 0 [pid 520] chdir("./file0") = 0 [pid 520] creat("./bus", 000) = 4 [pid 520] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 520] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 520] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 520] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 520] exit_group(0) = ? [pid 520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./72/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./72/file1/lost+found") = 0 umount2("./72/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./72/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/file1/file0/file0") = 0 umount2("./72/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/file1/file0/file1") = 0 umount2("./72/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./72/file1/file0") = 0 umount2("./72/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/file1/file1") = 0 umount2("./72/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/file1/file2") = 0 umount2("./72/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/file1/file3") = 0 umount2("./72/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = -1 EBUSY (Device or resource busy) umount2("./72/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 523 ./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x555556850660, 24) = 0 [pid 523] chdir("./73") = 0 [pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 523] setpgid(0, 0) = 0 [pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 523] write(3, "1000", 4) = 4 [pid 523] close(3) = 0 [pid 523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 523] write(1, "executing program\n", 18) = 18 [pid 523] memfd_create("syzkaller", 0) = 3 [pid 523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 26.246413][ T520] loop0: detected capacity change from 0 to 1024 [ 26.254063][ T520] EXT4-fs: Ignoring removed orlov option [ 26.259768][ T520] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 523] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 523] close(3) = 0 [pid 523] close(4) = 0 [pid 523] mkdir("./file1", 0777) = 0 [pid 523] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 523] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 523] chdir("./file1") = 0 [pid 523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 523] ioctl(4, LOOP_CLR_FD) = 0 [pid 523] close(4) = 0 [pid 523] chdir("./file0") = 0 [pid 523] creat("./bus", 000) = 4 [pid 523] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 523] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 523] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 523] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 523] exit_group(0) = ? [pid 523] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=523, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./73/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./73/file1/lost+found") = 0 umount2("./73/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./73/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/file1/file0/file0") = 0 umount2("./73/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/file1/file0/file1") = 0 umount2("./73/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./73/file1/file0") = 0 umount2("./73/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/file1/file1") = 0 umount2("./73/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/file1/file2") = 0 umount2("./73/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/file1/file3") = 0 umount2("./73/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = -1 EBUSY (Device or resource busy) umount2("./73/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 526 ./strace-static-x86_64: Process 526 attached [pid 526] set_robust_list(0x555556850660, 24) = 0 [pid 526] chdir("./74") = 0 [pid 526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 526] setpgid(0, 0) = 0 [pid 526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 526] write(3, "1000", 4) = 4 [pid 526] close(3) = 0 [pid 526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 526] write(1, "executing program\n", 18executing program ) = 18 [pid 526] memfd_create("syzkaller", 0) = 3 [pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 26.310549][ T523] loop0: detected capacity change from 0 to 1024 [ 26.318162][ T523] EXT4-fs: Ignoring removed orlov option [ 26.323741][ T523] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 526] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 526] close(3) = 0 [pid 526] close(4) = 0 [pid 526] mkdir("./file1", 0777) = 0 [pid 526] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 526] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 526] chdir("./file1") = 0 [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 526] ioctl(4, LOOP_CLR_FD) = 0 [pid 526] close(4) = 0 [pid 526] chdir("./file0") = 0 [pid 526] creat("./bus", 000) = 4 [pid 526] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 526] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 526] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 526] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 526] exit_group(0) = ? [pid 526] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=526, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./74/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./74/file1/lost+found") = 0 umount2("./74/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./74/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/file1/file0/file0") = 0 umount2("./74/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/file1/file0/file1") = 0 umount2("./74/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./74/file1/file0") = 0 umount2("./74/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/file1/file1") = 0 umount2("./74/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/file1/file2") = 0 umount2("./74/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/file1/file3") = 0 umount2("./74/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = -1 EBUSY (Device or resource busy) umount2("./74/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 529 ./strace-static-x86_64: Process 529 attached [pid 529] set_robust_list(0x555556850660, 24) = 0 [pid 529] chdir("./75") = 0 [pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 529] setpgid(0, 0) = 0 [pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 529] write(3, "1000", 4) = 4 [pid 529] close(3) = 0 [pid 529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 529] write(1, "executing program\n", 18) = 18 [pid 529] memfd_create("syzkaller", 0) = 3 [pid 529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 26.371764][ T526] loop0: detected capacity change from 0 to 1024 [ 26.379344][ T526] EXT4-fs: Ignoring removed orlov option [ 26.384848][ T526] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 529] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 529] close(3) = 0 [pid 529] close(4) = 0 [pid 529] mkdir("./file1", 0777) = 0 [pid 529] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 529] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 529] chdir("./file1") = 0 [pid 529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 529] ioctl(4, LOOP_CLR_FD) = 0 [pid 529] close(4) = 0 [pid 529] chdir("./file0") = 0 [pid 529] creat("./bus", 000) = 4 [pid 529] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 529] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 529] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 529] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 529] exit_group(0) = ? [pid 529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=529, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./75/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./75/file1/lost+found") = 0 umount2("./75/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./75/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/file1/file0/file0") = 0 umount2("./75/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/file1/file0/file1") = 0 umount2("./75/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./75/file1/file0") = 0 umount2("./75/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/file1/file1") = 0 umount2("./75/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/file1/file2") = 0 umount2("./75/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/file1/file3") = 0 umount2("./75/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = -1 EBUSY (Device or resource busy) umount2("./75/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 532 ./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x555556850660, 24) = 0 [pid 532] chdir("./76") = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 532] setpgid(0, 0) = 0 [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 532] write(3, "1000", 4) = 4 [pid 532] close(3) = 0 [pid 532] symlink("/dev/binderfs", "./binderfs") = 0 [pid 532] write(1, "executing program\n", 18) = 18 [pid 532] memfd_create("syzkaller", 0) = 3 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 532] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.435976][ T529] loop0: detected capacity change from 0 to 1024 [ 26.443189][ T529] EXT4-fs: Ignoring removed orlov option [ 26.449100][ T529] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 532] close(3) = 0 [pid 532] close(4) = 0 [pid 532] mkdir("./file1", 0777) = 0 [pid 532] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 532] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 532] chdir("./file1") = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 532] ioctl(4, LOOP_CLR_FD) = 0 [pid 532] close(4) = 0 [pid 532] chdir("./file0") = 0 [pid 532] creat("./bus", 000) = 4 [pid 532] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 532] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 532] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 532] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 532] exit_group(0) = ? [pid 532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=532, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./76/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./76/file1/lost+found") = 0 umount2("./76/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./76/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/file1/file0/file0") = 0 umount2("./76/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/file1/file0/file1") = 0 umount2("./76/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./76/file1/file0") = 0 umount2("./76/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/file1/file1") = 0 umount2("./76/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/file1/file2") = 0 umount2("./76/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/file1/file3") = 0 umount2("./76/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = -1 EBUSY (Device or resource busy) umount2("./76/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 535 ./strace-static-x86_64: Process 535 attached [pid 535] set_robust_list(0x555556850660, 24) = 0 [pid 535] chdir("./77") = 0 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] setpgid(0, 0) = 0 [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 535] write(3, "1000", 4) = 4 [pid 535] close(3) = 0 [pid 535] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 535] write(1, "executing program\n", 18) = 18 [pid 535] memfd_create("syzkaller", 0) = 3 [pid 535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 535] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.489669][ T532] loop0: detected capacity change from 0 to 1024 [ 26.499026][ T532] EXT4-fs: Ignoring removed orlov option [ 26.504600][ T532] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 535] close(3) = 0 [pid 535] close(4) = 0 [pid 535] mkdir("./file1", 0777) = 0 [pid 535] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 535] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 535] chdir("./file1") = 0 [pid 535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 535] ioctl(4, LOOP_CLR_FD) = 0 [pid 535] close(4) = 0 [pid 535] chdir("./file0") = 0 [pid 535] creat("./bus", 000) = 4 [pid 535] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 535] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 535] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 535] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 535] exit_group(0) = ? [pid 535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=535, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./77/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./77/file1/lost+found") = 0 umount2("./77/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./77/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/file1/file0/file0") = 0 umount2("./77/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/file1/file0/file1") = 0 umount2("./77/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./77/file1/file0") = 0 umount2("./77/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/file1/file1") = 0 umount2("./77/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/file1/file2") = 0 umount2("./77/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/file1/file3") = 0 umount2("./77/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = -1 EBUSY (Device or resource busy) umount2("./77/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 538 ./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x555556850660, 24) = 0 [pid 538] chdir("./78") = 0 [pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 538] setpgid(0, 0) = 0 [pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 538] write(3, "1000", 4) = 4 [pid 538] close(3) = 0 [pid 538] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 538] write(1, "executing program\n", 18) = 18 [pid 538] memfd_create("syzkaller", 0) = 3 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 26.550065][ T535] loop0: detected capacity change from 0 to 1024 [ 26.557343][ T535] EXT4-fs: Ignoring removed orlov option [ 26.562849][ T535] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 538] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 538] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 538] close(3) = 0 [pid 538] close(4) = 0 [pid 538] mkdir("./file1", 0777) = 0 [pid 538] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 538] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 538] chdir("./file1") = 0 [pid 538] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 538] ioctl(4, LOOP_CLR_FD) = 0 [pid 538] close(4) = 0 [pid 538] chdir("./file0") = 0 [pid 538] creat("./bus", 000) = 4 [pid 538] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 538] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 538] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 538] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 538] exit_group(0) = ? [pid 538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=538, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./78/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./78/file1/lost+found") = 0 umount2("./78/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./78/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/file1/file0/file0") = 0 umount2("./78/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/file1/file0/file1") = 0 umount2("./78/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./78/file1/file0") = 0 umount2("./78/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/file1/file1") = 0 umount2("./78/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/file1/file2") = 0 umount2("./78/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/file1/file3") = 0 umount2("./78/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file1") = -1 EBUSY (Device or resource busy) umount2("./78/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./78/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 [ 26.613246][ T538] loop0: detected capacity change from 0 to 1024 [ 26.621464][ T538] EXT4-fs: Ignoring removed orlov option [ 26.627140][ T538] EXT4-fs: Ignoring removed nomblk_io_submit option openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 542 ./strace-static-x86_64: Process 542 attached [pid 542] set_robust_list(0x555556850660, 24) = 0 [pid 542] chdir("./79") = 0 [pid 542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 542] setpgid(0, 0) = 0 [pid 542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 542] write(3, "1000", 4) = 4 [pid 542] close(3) = 0 [pid 542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 542] write(1, "executing program\n", 18) = 18 [pid 542] memfd_create("syzkaller", 0) = 3 [pid 542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 542] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 542] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 542] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 542] close(3) = 0 [pid 542] close(4) = 0 [pid 542] mkdir("./file1", 0777) = 0 [pid 542] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 542] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 542] chdir("./file1") = 0 [pid 542] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 542] ioctl(4, LOOP_CLR_FD) = 0 [pid 542] close(4) = 0 [pid 542] chdir("./file0") = 0 [pid 542] creat("./bus", 000) = 4 [pid 542] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 542] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 542] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 542] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 542] exit_group(0) = ? [pid 542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=542, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./79/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./79/file1/lost+found") = 0 umount2("./79/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./79/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/file1/file0/file0") = 0 umount2("./79/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/file1/file0/file1") = 0 umount2("./79/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./79/file1/file0") = 0 umount2("./79/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/file1/file1") = 0 umount2("./79/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/file1/file2") = 0 umount2("./79/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/file1/file3") = 0 umount2("./79/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file1") = -1 EBUSY (Device or resource busy) umount2("./79/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./79/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 545 ./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x555556850660, 24) = 0 [pid 545] chdir("./80") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] write(1, "executing program\n", 18) = 18 [pid 545] memfd_create("syzkaller", 0) = 3 [pid 545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 545] munmap(0x7f9cfca3c000, 138412032) = 0 [ 26.677483][ T542] loop0: detected capacity change from 0 to 1024 [ 26.684481][ T542] EXT4-fs: Ignoring removed orlov option [ 26.690189][ T542] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 545] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 545] close(3) = 0 [pid 545] close(4) = 0 [pid 545] mkdir("./file1", 0777) = 0 [pid 545] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 545] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 545] chdir("./file1") = 0 [pid 545] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 545] ioctl(4, LOOP_CLR_FD) = 0 [pid 545] close(4) = 0 [pid 545] chdir("./file0") = 0 [pid 545] creat("./bus", 000) = 4 [pid 545] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 545] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 545] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 545] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 545] exit_group(0) = ? [pid 545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=545, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./80/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./80/file1/lost+found") = 0 umount2("./80/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./80/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/file1/file0/file0") = 0 umount2("./80/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/file1/file0/file1") = 0 umount2("./80/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./80/file1/file0") = 0 umount2("./80/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/file1/file1") = 0 umount2("./80/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/file1/file2") = 0 umount2("./80/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/file1/file3") = 0 umount2("./80/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file1") = -1 EBUSY (Device or resource busy) umount2("./80/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 548 ./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x555556850660, 24) = 0 [pid 548] chdir("./81") = 0 [pid 548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 548] setpgid(0, 0) = 0 [pid 548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 548] write(3, "1000", 4) = 4 [pid 548] close(3) = 0 [pid 548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 548] write(1, "executing program\n", 18executing program ) = 18 [pid 548] memfd_create("syzkaller", 0) = 3 [pid 548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 26.738667][ T545] loop0: detected capacity change from 0 to 1024 [ 26.746494][ T545] EXT4-fs: Ignoring removed orlov option [ 26.752099][ T545] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 548] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 548] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 548] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 548] close(3) = 0 [pid 548] close(4) = 0 [pid 548] mkdir("./file1", 0777) = 0 [pid 548] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 548] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 548] chdir("./file1") = 0 [pid 548] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 548] ioctl(4, LOOP_CLR_FD) = 0 [pid 548] close(4) = 0 [pid 548] chdir("./file0") = 0 [pid 548] creat("./bus", 000) = 4 [pid 548] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 548] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 548] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 548] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 548] exit_group(0) = ? [pid 548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=548, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./81/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./81/file1/lost+found") = 0 umount2("./81/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./81/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/file1/file0/file0") = 0 umount2("./81/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/file1/file0/file1") = 0 umount2("./81/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./81/file1/file0") = 0 umount2("./81/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/file1/file1") = 0 umount2("./81/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/file1/file2") = 0 umount2("./81/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/file1/file3") = 0 umount2("./81/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = -1 EBUSY (Device or resource busy) umount2("./81/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 551 ./strace-static-x86_64: Process 551 attached [pid 551] set_robust_list(0x555556850660, 24) = 0 [pid 551] chdir("./82") = 0 [pid 551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 551] setpgid(0, 0) = 0 [pid 551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 551] write(3, "1000", 4) = 4 [pid 551] close(3) = 0 [pid 551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 551] write(1, "executing program\n", 18executing program ) = 18 [pid 551] memfd_create("syzkaller", 0) = 3 [pid 551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 26.801892][ T548] loop0: detected capacity change from 0 to 1024 [ 26.809025][ T548] EXT4-fs: Ignoring removed orlov option [ 26.814509][ T548] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 551] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 551] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 551] close(3) = 0 [pid 551] close(4) = 0 [pid 551] mkdir("./file1", 0777) = 0 [pid 551] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 551] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 551] chdir("./file1") = 0 [pid 551] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 551] ioctl(4, LOOP_CLR_FD) = 0 [pid 551] close(4) = 0 [pid 551] chdir("./file0") = 0 [pid 551] creat("./bus", 000) = 4 [pid 551] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 551] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 551] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 551] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 551] exit_group(0) = ? [pid 551] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=551, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./82/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./82/file1/lost+found") = 0 umount2("./82/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./82/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/file1/file0/file0") = 0 umount2("./82/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/file1/file0/file1") = 0 umount2("./82/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./82/file1/file0") = 0 umount2("./82/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/file1/file1") = 0 umount2("./82/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/file1/file2") = 0 umount2("./82/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/file1/file3") = 0 umount2("./82/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = -1 EBUSY (Device or resource busy) umount2("./82/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 554 ./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x555556850660, 24) = 0 [pid 554] chdir("./83") = 0 [pid 554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 554] setpgid(0, 0) = 0 [pid 554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 554] write(3, "1000", 4) = 4 [pid 554] close(3) = 0 [pid 554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 554] write(1, "executing program\n", 18) = 18 [pid 554] memfd_create("syzkaller", 0) = 3 [pid 554] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 554] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 554] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.864630][ T551] loop0: detected capacity change from 0 to 1024 [ 26.871965][ T551] EXT4-fs: Ignoring removed orlov option [ 26.877740][ T551] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 554] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 554] close(3) = 0 [pid 554] close(4) = 0 [pid 554] mkdir("./file1", 0777) = 0 [pid 554] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 554] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 554] chdir("./file1") = 0 [pid 554] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 554] ioctl(4, LOOP_CLR_FD) = 0 [pid 554] close(4) = 0 [pid 554] chdir("./file0") = 0 [pid 554] creat("./bus", 000) = 4 [pid 554] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 554] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 554] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 554] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 554] exit_group(0) = ? [pid 554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=554, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./83/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./83/file1/lost+found") = 0 umount2("./83/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./83/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/file1/file0/file0") = 0 umount2("./83/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/file1/file0/file1") = 0 umount2("./83/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./83/file1/file0") = 0 umount2("./83/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/file1/file1") = 0 umount2("./83/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/file1/file2") = 0 umount2("./83/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/file1/file3") = 0 umount2("./83/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file1") = -1 EBUSY (Device or resource busy) umount2("./83/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 557 ./strace-static-x86_64: Process 557 attached [pid 557] set_robust_list(0x555556850660, 24) = 0 [pid 557] chdir("./84") = 0 [pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 557] setpgid(0, 0) = 0 [pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 557] write(3, "1000", 4) = 4 [pid 557] close(3) = 0 [pid 557] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 557] write(1, "executing program\n", 18) = 18 [pid 557] memfd_create("syzkaller", 0) = 3 [pid 557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 557] munmap(0x7f9cfca3c000, 138412032) = 0 [ 26.918928][ T554] loop0: detected capacity change from 0 to 1024 [ 26.925942][ T554] EXT4-fs: Ignoring removed orlov option [ 26.931476][ T554] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 557] close(3) = 0 [pid 557] close(4) = 0 [pid 557] mkdir("./file1", 0777) = 0 [pid 557] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 557] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 557] chdir("./file1") = 0 [pid 557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 557] ioctl(4, LOOP_CLR_FD) = 0 [pid 557] close(4) = 0 [pid 557] chdir("./file0") = 0 [pid 557] creat("./bus", 000) = 4 [pid 557] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 557] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 557] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 557] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 557] exit_group(0) = ? [pid 557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=557, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./84/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./84/file1/lost+found") = 0 umount2("./84/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./84/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/file1/file0/file0") = 0 umount2("./84/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/file1/file0/file1") = 0 umount2("./84/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./84/file1/file0") = 0 umount2("./84/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/file1/file1") = 0 umount2("./84/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/file1/file2") = 0 umount2("./84/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/file1/file3") = 0 umount2("./84/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = -1 EBUSY (Device or resource busy) umount2("./84/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 560 ./strace-static-x86_64: Process 560 attached [pid 560] set_robust_list(0x555556850660, 24) = 0 [pid 560] chdir("./85") = 0 [pid 560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 560] setpgid(0, 0) = 0 [pid 560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 560] write(3, "1000", 4) = 4 [pid 560] close(3) = 0 [pid 560] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 560] write(1, "executing program\n", 18) = 18 [pid 560] memfd_create("syzkaller", 0) = 3 [pid 560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 560] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 26.974535][ T557] loop0: detected capacity change from 0 to 1024 [ 26.981737][ T557] EXT4-fs: Ignoring removed orlov option [ 26.987320][ T557] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 560] close(3) = 0 [pid 560] close(4) = 0 [pid 560] mkdir("./file1", 0777) = 0 [pid 560] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 560] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 560] chdir("./file1") = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 560] ioctl(4, LOOP_CLR_FD) = 0 [pid 560] close(4) = 0 [pid 560] chdir("./file0") = 0 [pid 560] creat("./bus", 000) = 4 [pid 560] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 560] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 560] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 560] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 560] exit_group(0) = ? [pid 560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=560, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./85/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./85/file1/lost+found") = 0 umount2("./85/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./85/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/file1/file0/file0") = 0 umount2("./85/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/file1/file0/file1") = 0 umount2("./85/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./85/file1/file0") = 0 umount2("./85/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/file1/file1") = 0 umount2("./85/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/file1/file2") = 0 umount2("./85/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/file1/file3") = 0 umount2("./85/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file1") = -1 EBUSY (Device or resource busy) umount2("./85/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./85/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 563 executing program ./strace-static-x86_64: Process 563 attached [pid 563] set_robust_list(0x555556850660, 24) = 0 [pid 563] chdir("./86") = 0 [pid 563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 563] setpgid(0, 0) = 0 [pid 563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 563] write(3, "1000", 4) = 4 [pid 563] close(3) = 0 [pid 563] symlink("/dev/binderfs", "./binderfs") = 0 [pid 563] write(1, "executing program\n", 18) = 18 [pid 563] memfd_create("syzkaller", 0) = 3 [pid 563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 563] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.023023][ T560] loop0: detected capacity change from 0 to 1024 [ 27.030596][ T560] EXT4-fs: Ignoring removed orlov option [ 27.036182][ T560] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 563] close(3) = 0 [pid 563] close(4) = 0 [pid 563] mkdir("./file1", 0777) = 0 [pid 563] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 563] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 563] chdir("./file1") = 0 [pid 563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 563] ioctl(4, LOOP_CLR_FD) = 0 [pid 563] close(4) = 0 [pid 563] chdir("./file0") = 0 [pid 563] creat("./bus", 000) = 4 [pid 563] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 563] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 563] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 563] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 563] exit_group(0) = ? [pid 563] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=563, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./86/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./86/file1/lost+found") = 0 umount2("./86/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./86/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/file1/file0/file0") = 0 umount2("./86/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/file1/file0/file1") = 0 umount2("./86/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./86/file1/file0") = 0 umount2("./86/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/file1/file1") = 0 umount2("./86/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/file1/file2") = 0 umount2("./86/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/file1/file3") = 0 umount2("./86/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file1") = -1 EBUSY (Device or resource busy) umount2("./86/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./86/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 566 ./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x555556850660, 24) = 0 [pid 566] chdir("./87") = 0 [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 566] setpgid(0, 0) = 0 [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 566] write(3, "1000", 4) = 4 [pid 566] close(3) = 0 [pid 566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 566] write(1, "executing program\n", 18) = 18 [pid 566] memfd_create("syzkaller", 0) = 3 [pid 566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 27.083547][ T563] loop0: detected capacity change from 0 to 1024 [ 27.090610][ T563] EXT4-fs: Ignoring removed orlov option [ 27.096182][ T563] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 566] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 566] close(3) = 0 [pid 566] close(4) = 0 [pid 566] mkdir("./file1", 0777) = 0 [pid 566] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 566] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 566] chdir("./file1") = 0 [pid 566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 566] ioctl(4, LOOP_CLR_FD) = 0 [pid 566] close(4) = 0 [pid 566] chdir("./file0") = 0 [pid 566] creat("./bus", 000) = 4 [pid 566] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 566] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 566] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 566] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 566] exit_group(0) = ? [pid 566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=566, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./87/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./87/file1/lost+found") = 0 umount2("./87/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./87/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/file1/file0/file0") = 0 umount2("./87/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/file1/file0/file1") = 0 umount2("./87/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./87/file1/file0") = 0 umount2("./87/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/file1/file1") = 0 umount2("./87/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/file1/file2") = 0 umount2("./87/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/file1/file3") = 0 umount2("./87/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file1") = -1 EBUSY (Device or resource busy) umount2("./87/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./87/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x555556850660, 24) = 0 [pid 569] chdir("./88") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 569] write(1, "executing program\n", 18executing program ) = 18 [pid 569] memfd_create("syzkaller", 0) = 3 [pid 569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 569] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.145373][ T566] loop0: detected capacity change from 0 to 1024 [ 27.152610][ T566] EXT4-fs: Ignoring removed orlov option [ 27.158132][ T566] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 569] close(3) = 0 [pid 569] close(4) = 0 [pid 569] mkdir("./file1", 0777) = 0 [pid 569] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 569] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 569] chdir("./file1") = 0 [pid 569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 569] ioctl(4, LOOP_CLR_FD) = 0 [pid 569] close(4) = 0 [pid 569] chdir("./file0") = 0 [pid 569] creat("./bus", 000) = 4 [pid 569] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 569] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 569] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 569] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 569] exit_group(0) = ? [pid 569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=569, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./88/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./88/file1/lost+found") = 0 umount2("./88/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./88/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/file1/file0/file0") = 0 umount2("./88/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/file1/file0/file1") = 0 umount2("./88/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./88/file1/file0") = 0 umount2("./88/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/file1/file1") = 0 umount2("./88/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/file1/file2") = 0 umount2("./88/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/file1/file3") = 0 umount2("./88/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file1") = -1 EBUSY (Device or resource busy) umount2("./88/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./88/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 572 ./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x555556850660, 24) = 0 [pid 572] chdir("./89") = 0 [pid 572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 572] setpgid(0, 0) = 0 [pid 572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 572] write(3, "1000", 4) = 4 [pid 572] close(3) = 0 [pid 572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 572] write(1, "executing program\n", 18) = 18 [pid 572] memfd_create("syzkaller", 0) = 3 [pid 572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 27.199817][ T569] loop0: detected capacity change from 0 to 1024 [ 27.207357][ T569] EXT4-fs: Ignoring removed orlov option [ 27.212862][ T569] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 572] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 572] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 572] close(3) = 0 [pid 572] close(4) = 0 [pid 572] mkdir("./file1", 0777) = 0 [pid 572] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 572] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 572] chdir("./file1") = 0 [pid 572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 572] ioctl(4, LOOP_CLR_FD) = 0 [pid 572] close(4) = 0 [pid 572] chdir("./file0") = 0 [pid 572] creat("./bus", 000) = 4 [pid 572] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 572] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 572] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 572] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 572] exit_group(0) = ? [pid 572] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=572, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./89/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./89/file1/lost+found") = 0 umount2("./89/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./89/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/file1/file0/file0") = 0 umount2("./89/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/file1/file0/file1") = 0 umount2("./89/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./89/file1/file0") = 0 umount2("./89/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/file1/file1") = 0 umount2("./89/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/file1/file2") = 0 umount2("./89/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/file1/file3") = 0 umount2("./89/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file1") = -1 EBUSY (Device or resource busy) umount2("./89/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./89/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 575 ./strace-static-x86_64: Process 575 attached [pid 575] set_robust_list(0x555556850660, 24) = 0 [pid 575] chdir("./90") = 0 [pid 575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 575] setpgid(0, 0) = 0 [pid 575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 575] write(3, "1000", 4) = 4 [pid 575] close(3) = 0 [pid 575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 575] write(1, "executing program\n", 18) = 18 [pid 575] memfd_create("syzkaller", 0) = 3 [pid 575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 27.264379][ T572] loop0: detected capacity change from 0 to 1024 [ 27.271380][ T572] EXT4-fs: Ignoring removed orlov option [ 27.277404][ T572] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 575] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 575] close(3) = 0 [pid 575] close(4) = 0 [pid 575] mkdir("./file1", 0777) = 0 [pid 575] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 575] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 575] chdir("./file1") = 0 [pid 575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 575] ioctl(4, LOOP_CLR_FD) = 0 [pid 575] close(4) = 0 [pid 575] chdir("./file0") = 0 [pid 575] creat("./bus", 000) = 4 [pid 575] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 575] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 575] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 575] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 575] exit_group(0) = ? [pid 575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=575, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./90/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./90/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./90/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./90/file1/lost+found") = 0 umount2("./90/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./90/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/file1/file0/file0") = 0 umount2("./90/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/file1/file0/file1") = 0 umount2("./90/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./90/file1/file0") = 0 umount2("./90/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/file1/file1") = 0 umount2("./90/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/file1/file2") = 0 umount2("./90/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/file1/file3") = 0 umount2("./90/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file1") = -1 EBUSY (Device or resource busy) umount2("./90/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./90/file1") = 0 [ 27.327155][ T575] loop0: detected capacity change from 0 to 1024 [ 27.334232][ T575] EXT4-fs: Ignoring removed orlov option [ 27.340109][ T575] EXT4-fs: Ignoring removed nomblk_io_submit option getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 578 ./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x555556850660, 24) = 0 [pid 578] chdir("./91") = 0 [pid 578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 578] setpgid(0, 0) = 0 [pid 578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 578] write(3, "1000", 4) = 4 [pid 578] close(3) = 0 [pid 578] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 578] write(1, "executing program\n", 18) = 18 [pid 578] memfd_create("syzkaller", 0) = 3 [pid 578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 578] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 578] close(3) = 0 [pid 578] close(4) = 0 [pid 578] mkdir("./file1", 0777) = 0 [pid 578] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 578] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 578] chdir("./file1") = 0 [pid 578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 578] ioctl(4, LOOP_CLR_FD) = 0 [pid 578] close(4) = 0 [pid 578] chdir("./file0") = 0 [pid 578] creat("./bus", 000) = 4 [pid 578] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 578] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 578] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 578] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 578] exit_group(0) = ? [pid 578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=578, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./91/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./91/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./91/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./91/file1/lost+found") = 0 umount2("./91/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./91/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/file1/file0/file0") = 0 umount2("./91/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/file1/file0/file1") = 0 umount2("./91/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./91/file1/file0") = 0 umount2("./91/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/file1/file1") = 0 umount2("./91/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/file1/file2") = 0 umount2("./91/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/file1/file3") = 0 umount2("./91/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file1") = -1 EBUSY (Device or resource busy) umount2("./91/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./91/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 27.396753][ T578] loop0: detected capacity change from 0 to 1024 [ 27.404390][ T578] EXT4-fs: Ignoring removed orlov option [ 27.409999][ T578] EXT4-fs: Ignoring removed nomblk_io_submit option close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 581 ./strace-static-x86_64: Process 581 attached [pid 581] set_robust_list(0x555556850660, 24) = 0 [pid 581] chdir("./92") = 0 [pid 581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 581] setpgid(0, 0) = 0 [pid 581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 581] write(3, "1000", 4) = 4 [pid 581] close(3) = 0 [pid 581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 581] write(1, "executing program\n", 18executing program ) = 18 [pid 581] memfd_create("syzkaller", 0) = 3 [pid 581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 581] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 581] close(3) = 0 [pid 581] close(4) = 0 [pid 581] mkdir("./file1", 0777) = 0 [pid 581] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 581] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 581] chdir("./file1") = 0 [pid 581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 581] ioctl(4, LOOP_CLR_FD) = 0 [pid 581] close(4) = 0 [pid 581] chdir("./file0") = 0 [pid 581] creat("./bus", 000) = 4 [pid 581] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 581] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 581] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 581] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 581] exit_group(0) = ? [pid 581] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=581, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./92/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./92/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./92/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./92/file1/lost+found") = 0 umount2("./92/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./92/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/file1/file0/file0") = 0 umount2("./92/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/file1/file0/file1") = 0 umount2("./92/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./92/file1/file0") = 0 umount2("./92/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/file1/file1") = 0 umount2("./92/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/file1/file2") = 0 umount2("./92/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/file1/file3") = 0 umount2("./92/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file1") = -1 EBUSY (Device or resource busy) umount2("./92/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./92/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 584 ./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x555556850660, 24) = 0 [pid 584] chdir("./93") = 0 [pid 584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 584] setpgid(0, 0) = 0 [pid 584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 584] write(3, "1000", 4) = 4 [pid 584] close(3) = 0 [pid 584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 584] write(1, "executing program\n", 18executing program ) = 18 [pid 584] memfd_create("syzkaller", 0) = 3 [pid 584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 584] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.466348][ T581] loop0: detected capacity change from 0 to 1024 [ 27.473321][ T581] EXT4-fs: Ignoring removed orlov option [ 27.478995][ T581] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 584] close(3) = 0 [pid 584] close(4) = 0 [pid 584] mkdir("./file1", 0777) = 0 [pid 584] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 584] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 584] chdir("./file1") = 0 [pid 584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 584] ioctl(4, LOOP_CLR_FD) = 0 [pid 584] close(4) = 0 [pid 584] chdir("./file0") = 0 [pid 584] creat("./bus", 000) = 4 [pid 584] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 584] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 584] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 584] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 584] exit_group(0) = ? [pid 584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=584, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./93/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./93/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./93/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./93/file1/lost+found") = 0 umount2("./93/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./93/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/file1/file0/file0") = 0 umount2("./93/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/file1/file0/file1") = 0 umount2("./93/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./93/file1/file0") = 0 umount2("./93/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/file1/file1") = 0 umount2("./93/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/file1/file2") = 0 umount2("./93/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/file1/file3") = 0 umount2("./93/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file1") = -1 EBUSY (Device or resource busy) umount2("./93/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./93/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 587 ./strace-static-x86_64: Process 587 attached [pid 587] set_robust_list(0x555556850660, 24) = 0 [pid 587] chdir("./94") = 0 [pid 587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 587] setpgid(0, 0) = 0 [pid 587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 587] write(3, "1000", 4) = 4 [pid 587] close(3) = 0 [pid 587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 587] write(1, "executing program\n", 18) = 18 [pid 587] memfd_create("syzkaller", 0) = 3 [pid 587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 587] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 587] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.524075][ T584] loop0: detected capacity change from 0 to 1024 [ 27.531050][ T584] EXT4-fs: Ignoring removed orlov option [ 27.536716][ T584] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 587] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 587] close(3) = 0 [pid 587] close(4) = 0 [pid 587] mkdir("./file1", 0777) = 0 [pid 587] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 587] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 587] chdir("./file1") = 0 [pid 587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 587] ioctl(4, LOOP_CLR_FD) = 0 [pid 587] close(4) = 0 [pid 587] chdir("./file0") = 0 [pid 587] creat("./bus", 000) = 4 [pid 587] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 587] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 587] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 587] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 587] exit_group(0) = ? [pid 587] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=587, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./94/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./94/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./94/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./94/file1/lost+found") = 0 umount2("./94/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./94/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/file1/file0/file0") = 0 umount2("./94/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/file1/file0/file1") = 0 umount2("./94/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./94/file1/file0") = 0 umount2("./94/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/file1/file1") = 0 umount2("./94/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/file1/file2") = 0 umount2("./94/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/file1/file3") = 0 umount2("./94/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file1") = -1 EBUSY (Device or resource busy) umount2("./94/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./94/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 591 ./strace-static-x86_64: Process 591 attached [pid 591] set_robust_list(0x555556850660, 24) = 0 [pid 591] chdir("./95") = 0 [pid 591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 591] setpgid(0, 0) = 0 [ 27.579507][ T587] loop0: detected capacity change from 0 to 1024 [ 27.586594][ T587] EXT4-fs: Ignoring removed orlov option [ 27.592059][ T587] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 591] write(3, "1000", 4) = 4 [pid 591] close(3) = 0 [pid 591] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 591] write(1, "executing program\n", 18) = 18 [pid 591] memfd_create("syzkaller", 0) = 3 [pid 591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 591] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 591] close(3) = 0 [pid 591] close(4) = 0 [pid 591] mkdir("./file1", 0777) = 0 [pid 591] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 591] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 591] chdir("./file1") = 0 [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 591] ioctl(4, LOOP_CLR_FD) = 0 [pid 591] close(4) = 0 [pid 591] chdir("./file0") = 0 [pid 591] creat("./bus", 000) = 4 [pid 591] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 591] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 591] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 591] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 591] exit_group(0) = ? [pid 591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=591, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./95/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./95/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./95/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./95/file1/lost+found") = 0 umount2("./95/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./95/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/file1/file0/file0") = 0 umount2("./95/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/file1/file0/file1") = 0 umount2("./95/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./95/file1/file0") = 0 umount2("./95/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/file1/file1") = 0 umount2("./95/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/file1/file2") = 0 umount2("./95/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/file1/file3") = 0 umount2("./95/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file1") = -1 EBUSY (Device or resource busy) umount2("./95/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./95/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 594 ./strace-static-x86_64: Process 594 attached [pid 594] set_robust_list(0x555556850660, 24) = 0 [pid 594] chdir("./96") = 0 [pid 594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 594] setpgid(0, 0) = 0 [pid 594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 594] write(3, "1000", 4) = 4 [pid 594] close(3) = 0 [pid 594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 594] write(1, "executing program\n", 18executing program ) = 18 [pid 594] memfd_create("syzkaller", 0) = 3 [pid 594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 27.644878][ T591] loop0: detected capacity change from 0 to 1024 [ 27.652890][ T591] EXT4-fs: Ignoring removed orlov option [ 27.658970][ T591] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 594] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 594] close(3) = 0 [pid 594] close(4) = 0 [pid 594] mkdir("./file1", 0777) = 0 [pid 594] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 594] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 594] chdir("./file1") = 0 [pid 594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 594] ioctl(4, LOOP_CLR_FD) = 0 [pid 594] close(4) = 0 [pid 594] chdir("./file0") = 0 [pid 594] creat("./bus", 000) = 4 [pid 594] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 594] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 594] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 594] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 594] exit_group(0) = ? [pid 594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=594, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./96/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./96/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./96/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./96/file1/lost+found") = 0 umount2("./96/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./96/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/file1/file0/file0") = 0 umount2("./96/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/file1/file0/file1") = 0 umount2("./96/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./96/file1/file0") = 0 umount2("./96/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/file1/file1") = 0 umount2("./96/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/file1/file2") = 0 umount2("./96/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/file1/file3") = 0 umount2("./96/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file1") = -1 EBUSY (Device or resource busy) umount2("./96/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./96/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 597 ./strace-static-x86_64: Process 597 attached [pid 597] set_robust_list(0x555556850660, 24) = 0 [pid 597] chdir("./97") = 0 [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 597] setpgid(0, 0) = 0 [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3) = 0 [pid 597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 597] write(1, "executing program\n", 18executing program ) = 18 [pid 597] memfd_create("syzkaller", 0) = 3 [ 27.708506][ T594] loop0: detected capacity change from 0 to 1024 [ 27.715478][ T594] EXT4-fs: Ignoring removed orlov option [ 27.721029][ T594] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 597] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 597] close(3) = 0 [pid 597] close(4) = 0 [pid 597] mkdir("./file1", 0777) = 0 [pid 597] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 597] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 597] chdir("./file1") = 0 [pid 597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 597] ioctl(4, LOOP_CLR_FD) = 0 [pid 597] close(4) = 0 [pid 597] chdir("./file0") = 0 [pid 597] creat("./bus", 000) = 4 [pid 597] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 597] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 597] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 597] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 597] exit_group(0) = ? [pid 597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=597, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./97/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./97/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./97/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./97/file1/lost+found") = 0 umount2("./97/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./97/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/file1/file0/file0") = 0 umount2("./97/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/file1/file0/file1") = 0 umount2("./97/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./97/file1/file0") = 0 umount2("./97/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/file1/file1") = 0 umount2("./97/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/file1/file2") = 0 umount2("./97/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/file1/file3") = 0 umount2("./97/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file1") = -1 EBUSY (Device or resource busy) umount2("./97/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./97/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 600 ./strace-static-x86_64: Process 600 attached [pid 600] set_robust_list(0x555556850660, 24) = 0 [pid 600] chdir("./98") = 0 [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 600] setpgid(0, 0) = 0 [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 600] write(3, "1000", 4) = 4 [pid 600] close(3) = 0 [pid 600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 600] write(1, "executing program\n", 18executing program ) = 18 [ 27.772942][ T597] loop0: detected capacity change from 0 to 1024 [ 27.780101][ T597] EXT4-fs: Ignoring removed orlov option [ 27.785590][ T597] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 600] memfd_create("syzkaller", 0) = 3 [pid 600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 600] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 600] close(3) = 0 [pid 600] close(4) = 0 [pid 600] mkdir("./file1", 0777) = 0 [pid 600] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 600] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 600] chdir("./file1") = 0 [pid 600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 600] ioctl(4, LOOP_CLR_FD) = 0 [pid 600] close(4) = 0 [pid 600] chdir("./file0") = 0 [pid 600] creat("./bus", 000) = 4 [pid 600] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 600] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 600] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 600] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 600] exit_group(0) = ? [pid 600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=600, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./98/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./98/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./98/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./98/file1/lost+found") = 0 umount2("./98/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./98/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/file1/file0/file0") = 0 umount2("./98/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/file1/file0/file1") = 0 umount2("./98/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./98/file1/file0") = 0 umount2("./98/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/file1/file1") = 0 umount2("./98/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/file1/file2") = 0 umount2("./98/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/file1/file3") = 0 umount2("./98/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file1") = -1 EBUSY (Device or resource busy) umount2("./98/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./98/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 603 ./strace-static-x86_64: Process 603 attached [pid 603] set_robust_list(0x555556850660, 24) = 0 [pid 603] chdir("./99") = 0 [pid 603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 603] setpgid(0, 0) = 0 [pid 603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 603] write(3, "1000", 4) = 4 [pid 603] close(3) = 0 [pid 603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 603] write(1, "executing program\n", 18executing program ) = 18 [pid 603] memfd_create("syzkaller", 0) = 3 [pid 603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 27.837303][ T600] loop0: detected capacity change from 0 to 1024 [ 27.844326][ T600] EXT4-fs: Ignoring removed orlov option [ 27.849998][ T600] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 603] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 603] close(3) = 0 [pid 603] close(4) = 0 [pid 603] mkdir("./file1", 0777) = 0 [pid 603] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 603] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 603] chdir("./file1") = 0 [pid 603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 603] ioctl(4, LOOP_CLR_FD) = 0 [pid 603] close(4) = 0 [pid 603] chdir("./file0") = 0 [pid 603] creat("./bus", 000) = 4 [pid 603] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 603] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 603] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 603] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 603] exit_group(0) = ? [pid 603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=603, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./99/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./99/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./99/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./99/file1/lost+found") = 0 umount2("./99/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./99/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/file1/file0/file0") = 0 umount2("./99/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/file1/file0/file1") = 0 umount2("./99/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./99/file1/file0") = 0 umount2("./99/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/file1/file1") = 0 umount2("./99/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/file1/file2") = 0 umount2("./99/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/file1/file3") = 0 umount2("./99/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file1") = -1 EBUSY (Device or resource busy) umount2("./99/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./99/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 606 ./strace-static-x86_64: Process 606 attached [pid 606] set_robust_list(0x555556850660, 24) = 0 [pid 606] chdir("./100") = 0 [pid 606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 606] setpgid(0, 0) = 0 [pid 606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 606] write(3, "1000", 4) = 4 [pid 606] close(3) = 0 [pid 606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 606] write(1, "executing program\n", 18) = 18 [pid 606] memfd_create("syzkaller", 0) = 3 [pid 606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 27.899912][ T603] loop0: detected capacity change from 0 to 1024 [ 27.907055][ T603] EXT4-fs: Ignoring removed orlov option [ 27.912538][ T603] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 606] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 606] close(3) = 0 [pid 606] close(4) = 0 [pid 606] mkdir("./file1", 0777) = 0 [pid 606] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 606] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 606] chdir("./file1") = 0 [pid 606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 606] ioctl(4, LOOP_CLR_FD) = 0 [pid 606] close(4) = 0 [pid 606] chdir("./file0") = 0 [pid 606] creat("./bus", 000) = 4 [pid 606] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 606] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 606] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 606] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 606] exit_group(0) = ? [pid 606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=606, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./100/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./100/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./100/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./100/file1/lost+found") = 0 umount2("./100/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./100/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/file1/file0/file0") = 0 umount2("./100/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/file1/file0/file1") = 0 umount2("./100/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./100/file1/file0") = 0 umount2("./100/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/file1/file1") = 0 umount2("./100/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/file1/file2") = 0 umount2("./100/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/file1/file3") = 0 umount2("./100/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file1") = -1 EBUSY (Device or resource busy) umount2("./100/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./100/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 609 ./strace-static-x86_64: Process 609 attached [pid 609] set_robust_list(0x555556850660, 24) = 0 [pid 609] chdir("./101") = 0 [pid 609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 609] setpgid(0, 0) = 0 [pid 609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 609] write(3, "1000", 4) = 4 [pid 609] close(3) = 0 [pid 609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 609] write(1, "executing program\n", 18) = 18 [pid 609] memfd_create("syzkaller", 0) = 3 [pid 609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 609] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 27.962080][ T606] loop0: detected capacity change from 0 to 1024 [ 27.969212][ T606] EXT4-fs: Ignoring removed orlov option [ 27.974703][ T606] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 609] close(3) = 0 [pid 609] close(4) = 0 [pid 609] mkdir("./file1", 0777) = 0 [pid 609] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 609] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 609] chdir("./file1") = 0 [pid 609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 609] ioctl(4, LOOP_CLR_FD) = 0 [pid 609] close(4) = 0 [pid 609] chdir("./file0") = 0 [pid 609] creat("./bus", 000) = 4 [pid 609] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 609] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 609] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 609] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 609] exit_group(0) = ? [pid 609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=609, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./101/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./101/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./101/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./101/file1/lost+found") = 0 umount2("./101/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./101/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/file1/file0/file0") = 0 umount2("./101/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/file1/file0/file1") = 0 umount2("./101/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./101/file1/file0") = 0 umount2("./101/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/file1/file1") = 0 umount2("./101/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/file1/file2") = 0 umount2("./101/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/file1/file3") = 0 umount2("./101/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file1") = -1 EBUSY (Device or resource busy) umount2("./101/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./101/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 612 ./strace-static-x86_64: Process 612 attached [pid 612] set_robust_list(0x555556850660, 24) = 0 [pid 612] chdir("./102") = 0 [pid 612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 612] setpgid(0, 0) = 0 [pid 612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 612] write(3, "1000", 4) = 4 [pid 612] close(3) = 0 [pid 612] symlink("/dev/binderfs", "./binderfs") = 0 [ 28.019397][ T609] loop0: detected capacity change from 0 to 1024 [ 28.027010][ T609] EXT4-fs: Ignoring removed orlov option [ 28.032498][ T609] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 612] write(1, "executing program\n", 18executing program ) = 18 [pid 612] memfd_create("syzkaller", 0) = 3 [pid 612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 612] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 612] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 612] close(3) = 0 [pid 612] close(4) = 0 [pid 612] mkdir("./file1", 0777) = 0 [pid 612] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 612] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 612] chdir("./file1") = 0 [pid 612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 612] ioctl(4, LOOP_CLR_FD) = 0 [pid 612] close(4) = 0 [pid 612] chdir("./file0") = 0 [pid 612] creat("./bus", 000) = 4 [pid 612] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 612] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 612] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 612] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 612] exit_group(0) = ? [pid 612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=612, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./102/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./102/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./102/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./102/file1/lost+found") = 0 umount2("./102/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./102/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/file1/file0/file0") = 0 umount2("./102/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/file1/file0/file1") = 0 umount2("./102/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./102/file1/file0") = 0 umount2("./102/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/file1/file1") = 0 umount2("./102/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/file1/file2") = 0 umount2("./102/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/file1/file3") = 0 umount2("./102/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file1") = -1 EBUSY (Device or resource busy) umount2("./102/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./102/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 615 ./strace-static-x86_64: Process 615 attached [pid 615] set_robust_list(0x555556850660, 24) = 0 [pid 615] chdir("./103") = 0 [pid 615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 615] setpgid(0, 0) = 0 [pid 615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 615] write(3, "1000", 4) = 4 [pid 615] close(3) = 0 [pid 615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 615] write(1, "executing program\n", 18) = 18 [pid 615] memfd_create("syzkaller", 0) = 3 [pid 615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 executing program [pid 615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 615] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.084951][ T612] loop0: detected capacity change from 0 to 1024 [ 28.093384][ T612] EXT4-fs: Ignoring removed orlov option [ 28.098954][ T612] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 615] close(3) = 0 [pid 615] close(4) = 0 [pid 615] mkdir("./file1", 0777) = 0 [pid 615] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 615] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 615] chdir("./file1") = 0 [pid 615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 615] ioctl(4, LOOP_CLR_FD) = 0 [pid 615] close(4) = 0 [pid 615] chdir("./file0") = 0 [pid 615] creat("./bus", 000) = 4 [pid 615] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 615] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 615] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 615] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 615] exit_group(0) = ? [pid 615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=615, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./103/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./103/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./103/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./103/file1/lost+found") = 0 umount2("./103/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./103/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/file1/file0/file0") = 0 umount2("./103/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/file1/file0/file1") = 0 umount2("./103/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./103/file1/file0") = 0 umount2("./103/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/file1/file1") = 0 umount2("./103/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/file1/file2") = 0 umount2("./103/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/file1/file3") = 0 umount2("./103/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file1") = -1 EBUSY (Device or resource busy) umount2("./103/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./103/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 618 ./strace-static-x86_64: Process 618 attached [pid 618] set_robust_list(0x555556850660, 24) = 0 [pid 618] chdir("./104") = 0 [pid 618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 618] setpgid(0, 0) = 0 [pid 618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 618] write(3, "1000", 4) = 4 [pid 618] close(3) = 0 [pid 618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 618] write(1, "executing program\n", 18) = 18 [pid 618] memfd_create("syzkaller", 0) = 3 [pid 618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 executing program [ 28.139563][ T615] loop0: detected capacity change from 0 to 1024 [ 28.146785][ T615] EXT4-fs: Ignoring removed orlov option [ 28.152403][ T615] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 618] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 618] close(3) = 0 [pid 618] close(4) = 0 [pid 618] mkdir("./file1", 0777) = 0 [pid 618] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 618] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 618] chdir("./file1") = 0 [pid 618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 618] ioctl(4, LOOP_CLR_FD) = 0 [pid 618] close(4) = 0 [pid 618] chdir("./file0") = 0 [pid 618] creat("./bus", 000) = 4 [pid 618] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 618] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 618] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 618] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 618] exit_group(0) = ? [pid 618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=618, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./104/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./104/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./104/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./104/file1/lost+found") = 0 umount2("./104/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./104/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/file1/file0/file0") = 0 umount2("./104/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/file1/file0/file1") = 0 umount2("./104/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./104/file1/file0") = 0 umount2("./104/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/file1/file1") = 0 umount2("./104/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/file1/file2") = 0 umount2("./104/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/file1/file3") = 0 umount2("./104/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file1") = -1 EBUSY (Device or resource busy) umount2("./104/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./104/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 621 ./strace-static-x86_64: Process 621 attached [pid 621] set_robust_list(0x555556850660, 24) = 0 [pid 621] chdir("./105") = 0 [pid 621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 621] setpgid(0, 0) = 0 [pid 621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 621] write(3, "1000", 4) = 4 [pid 621] close(3) = 0 [pid 621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 621] write(1, "executing program\n", 18) = 18 [pid 621] memfd_create("syzkaller", 0) = 3 [pid 621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 28.203175][ T618] loop0: detected capacity change from 0 to 1024 [ 28.210424][ T618] EXT4-fs: Ignoring removed orlov option [ 28.215914][ T618] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 621] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 621] close(3) = 0 [pid 621] close(4) = 0 [pid 621] mkdir("./file1", 0777) = 0 [pid 621] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 621] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 621] chdir("./file1") = 0 [pid 621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 621] ioctl(4, LOOP_CLR_FD) = 0 [pid 621] close(4) = 0 [pid 621] chdir("./file0") = 0 [pid 621] creat("./bus", 000) = 4 [pid 621] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 621] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 621] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 621] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 621] exit_group(0) = ? [pid 621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=621, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./105/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./105/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./105/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./105/file1/lost+found") = 0 umount2("./105/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./105/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/file1/file0/file0") = 0 umount2("./105/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/file1/file0/file1") = 0 umount2("./105/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./105/file1/file0") = 0 umount2("./105/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/file1/file1") = 0 umount2("./105/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/file1/file2") = 0 umount2("./105/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/file1/file3") = 0 umount2("./105/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file1") = -1 EBUSY (Device or resource busy) umount2("./105/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./105/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 624 ./strace-static-x86_64: Process 624 attached [pid 624] set_robust_list(0x555556850660, 24) = 0 [pid 624] chdir("./106") = 0 [pid 624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 624] setpgid(0, 0) = 0 [pid 624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 624] write(3, "1000", 4) = 4 [pid 624] close(3) = 0 [pid 624] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 624] write(1, "executing program\n", 18) = 18 [pid 624] memfd_create("syzkaller", 0) = 3 [pid 624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 624] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.266392][ T621] loop0: detected capacity change from 0 to 1024 [ 28.273399][ T621] EXT4-fs: Ignoring removed orlov option [ 28.279139][ T621] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 624] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 624] close(3) = 0 [pid 624] close(4) = 0 [pid 624] mkdir("./file1", 0777) = 0 [pid 624] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 624] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 624] chdir("./file1") = 0 [pid 624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 624] ioctl(4, LOOP_CLR_FD) = 0 [pid 624] close(4) = 0 [pid 624] chdir("./file0") = 0 [pid 624] creat("./bus", 000) = 4 [pid 624] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 624] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 624] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 624] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 624] exit_group(0) = ? [pid 624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=624, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./106/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./106/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./106/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./106/file1/lost+found") = 0 umount2("./106/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./106/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/file1/file0/file0") = 0 umount2("./106/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/file1/file0/file1") = 0 umount2("./106/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./106/file1/file0") = 0 umount2("./106/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/file1/file1") = 0 umount2("./106/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/file1/file2") = 0 umount2("./106/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/file1/file3") = 0 umount2("./106/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file1") = -1 EBUSY (Device or resource busy) umount2("./106/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./106/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 627 ./strace-static-x86_64: Process 627 attached [pid 627] set_robust_list(0x555556850660, 24) = 0 [pid 627] chdir("./107") = 0 [pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 627] setpgid(0, 0) = 0 [pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] write(3, "1000", 4) = 4 [pid 627] close(3) = 0 [pid 627] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 627] write(1, "executing program\n", 18) = 18 [pid 627] memfd_create("syzkaller", 0) = 3 [pid 627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 28.314067][ T624] loop0: detected capacity change from 0 to 1024 [ 28.321009][ T624] EXT4-fs: Ignoring removed orlov option [ 28.326690][ T624] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 627] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 627] close(3) = 0 [pid 627] close(4) = 0 [pid 627] mkdir("./file1", 0777) = 0 [pid 627] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 627] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 627] chdir("./file1") = 0 [pid 627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 627] ioctl(4, LOOP_CLR_FD) = 0 [pid 627] close(4) = 0 [pid 627] chdir("./file0") = 0 [pid 627] creat("./bus", 000) = 4 [pid 627] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 627] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 627] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 627] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 627] exit_group(0) = ? [pid 627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=627, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./107/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./107/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./107/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./107/file1/lost+found") = 0 umount2("./107/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./107/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/file1/file0/file0") = 0 umount2("./107/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/file1/file0/file1") = 0 umount2("./107/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./107/file1/file0") = 0 umount2("./107/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/file1/file1") = 0 umount2("./107/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/file1/file2") = 0 umount2("./107/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/file1/file3") = 0 umount2("./107/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file1") = -1 EBUSY (Device or resource busy) umount2("./107/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./107/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 630 ./strace-static-x86_64: Process 630 attached [pid 630] set_robust_list(0x555556850660, 24) = 0 [pid 630] chdir("./108") = 0 [pid 630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 630] setpgid(0, 0) = 0 [pid 630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 630] write(3, "1000", 4) = 4 [pid 630] close(3) = 0 [pid 630] symlink("/dev/binderfs", "./binderfs") = 0 [pid 630] write(1, "executing program\n", 18executing program ) = 18 [pid 630] memfd_create("syzkaller", 0) = 3 [pid 630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 28.377177][ T627] loop0: detected capacity change from 0 to 1024 [ 28.384144][ T627] EXT4-fs: Ignoring removed orlov option [ 28.389900][ T627] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 630] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 630] close(3) = 0 [pid 630] close(4) = 0 [pid 630] mkdir("./file1", 0777) = 0 [pid 630] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 630] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 630] chdir("./file1") = 0 [pid 630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 630] ioctl(4, LOOP_CLR_FD) = 0 [pid 630] close(4) = 0 [pid 630] chdir("./file0") = 0 [pid 630] creat("./bus", 000) = 4 [pid 630] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 630] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 630] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 630] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 630] exit_group(0) = ? [pid 630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=630, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./108/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./108/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./108/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./108/file1/lost+found") = 0 umount2("./108/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./108/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/file1/file0/file0") = 0 umount2("./108/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/file1/file0/file1") = 0 umount2("./108/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./108/file1/file0") = 0 umount2("./108/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/file1/file1") = 0 umount2("./108/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/file1/file2") = 0 umount2("./108/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/file1/file3") = 0 umount2("./108/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file1") = -1 EBUSY (Device or resource busy) umount2("./108/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./108/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 633 ./strace-static-x86_64: Process 633 attached [pid 633] set_robust_list(0x555556850660, 24) = 0 [pid 633] chdir("./109") = 0 [pid 633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 633] setpgid(0, 0) = 0 [pid 633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 633] write(3, "1000", 4) = 4 [pid 633] close(3) = 0 [pid 633] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 633] write(1, "executing program\n", 18) = 18 [pid 633] memfd_create("syzkaller", 0) = 3 [pid 633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 633] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.441315][ T630] loop0: detected capacity change from 0 to 1024 [ 28.448898][ T630] EXT4-fs: Ignoring removed orlov option [ 28.454387][ T630] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 633] close(3) = 0 [pid 633] close(4) = 0 [pid 633] mkdir("./file1", 0777) = 0 [pid 633] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 633] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 633] chdir("./file1") = 0 [pid 633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 633] ioctl(4, LOOP_CLR_FD) = 0 [pid 633] close(4) = 0 [pid 633] chdir("./file0") = 0 [pid 633] creat("./bus", 000) = 4 [pid 633] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 633] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 633] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 633] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 633] exit_group(0) = ? [pid 633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=633, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./109/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./109/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./109/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./109/file1/lost+found") = 0 umount2("./109/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./109/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/file1/file0/file0") = 0 umount2("./109/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/file1/file0/file1") = 0 umount2("./109/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./109/file1/file0") = 0 umount2("./109/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/file1/file1") = 0 umount2("./109/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/file1/file2") = 0 umount2("./109/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/file1/file3") = 0 umount2("./109/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file1") = -1 EBUSY (Device or resource busy) umount2("./109/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./109/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 28.501362][ T633] loop0: detected capacity change from 0 to 1024 [ 28.509279][ T633] EXT4-fs: Ignoring removed orlov option [ 28.514907][ T633] EXT4-fs: Ignoring removed nomblk_io_submit option ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 636 ./strace-static-x86_64: Process 636 attached [pid 636] set_robust_list(0x555556850660, 24) = 0 [pid 636] chdir("./110") = 0 [pid 636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 636] setpgid(0, 0) = 0 [pid 636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 636] write(3, "1000", 4) = 4 [pid 636] close(3) = 0 [pid 636] symlink("/dev/binderfs", "./binderfs") = 0 [pid 636] write(1, "executing program\n", 18) = 18 [pid 636] memfd_create("syzkaller", 0) = 3 [pid 636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 636] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 636] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 636] close(3) = 0 [pid 636] close(4) = 0 [pid 636] mkdir("./file1", 0777) = 0 [pid 636] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 636] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 636] chdir("./file1") = 0 [pid 636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 636] ioctl(4, LOOP_CLR_FD) = 0 [pid 636] close(4) = 0 [pid 636] chdir("./file0") = 0 [pid 636] creat("./bus", 000) = 4 [pid 636] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 636] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 636] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 636] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 636] exit_group(0) = ? [pid 636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=636, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./110/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./110/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./110/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./110/file1/lost+found") = 0 umount2("./110/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./110/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/file1/file0/file0") = 0 umount2("./110/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/file1/file0/file1") = 0 umount2("./110/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./110/file1/file0") = 0 umount2("./110/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/file1/file1") = 0 umount2("./110/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/file1/file2") = 0 umount2("./110/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/file1/file3") = 0 umount2("./110/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file1") = -1 EBUSY (Device or resource busy) umount2("./110/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./110/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 639 ./strace-static-x86_64: Process 639 attached [pid 639] set_robust_list(0x555556850660, 24) = 0 [pid 639] chdir("./111") = 0 [pid 639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 639] setpgid(0, 0) = 0 [pid 639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 639] write(3, "1000", 4) = 4 [pid 639] close(3) = 0 [pid 639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 639] write(1, "executing program\n", 18executing program ) = 18 [pid 639] memfd_create("syzkaller", 0) = 3 [pid 639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 639] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.565790][ T636] loop0: detected capacity change from 0 to 1024 [ 28.572946][ T636] EXT4-fs: Ignoring removed orlov option [ 28.578472][ T636] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 639] close(3) = 0 [pid 639] close(4) = 0 [pid 639] mkdir("./file1", 0777) = 0 [pid 639] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 639] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 639] chdir("./file1") = 0 [pid 639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 639] ioctl(4, LOOP_CLR_FD) = 0 [pid 639] close(4) = 0 [pid 639] chdir("./file0") = 0 [pid 639] creat("./bus", 000) = 4 [pid 639] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 639] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 639] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 639] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 639] exit_group(0) = ? [pid 639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=639, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./111/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./111/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./111/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./111/file1/lost+found") = 0 umount2("./111/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./111/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/file1/file0/file0") = 0 umount2("./111/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/file1/file0/file1") = 0 umount2("./111/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./111/file1/file0") = 0 umount2("./111/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/file1/file1") = 0 umount2("./111/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/file1/file2") = 0 umount2("./111/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/file1/file3") = 0 umount2("./111/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file1") = -1 EBUSY (Device or resource busy) umount2("./111/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./111/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 643 ./strace-static-x86_64: Process 643 attached [pid 643] set_robust_list(0x555556850660, 24) = 0 [pid 643] chdir("./112") = 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 643] setpgid(0, 0) = 0 [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 643] write(1, "executing program\n", 18) = 18 [pid 643] memfd_create("syzkaller", 0) = 3 [pid 643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 643] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.619493][ T639] loop0: detected capacity change from 0 to 1024 [ 28.627189][ T639] EXT4-fs: Ignoring removed orlov option [ 28.632703][ T639] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 643] close(3) = 0 [pid 643] close(4) = 0 [pid 643] mkdir("./file1", 0777) = 0 [pid 643] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 643] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 643] chdir("./file1") = 0 [pid 643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 643] ioctl(4, LOOP_CLR_FD) = 0 [pid 643] close(4) = 0 [pid 643] chdir("./file0") = 0 [pid 643] creat("./bus", 000) = 4 [pid 643] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 643] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 643] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 643] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 643] exit_group(0) = ? [pid 643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=643, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./112/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./112/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./112/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./112/file1/lost+found") = 0 umount2("./112/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./112/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/file1/file0/file0") = 0 umount2("./112/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/file1/file0/file1") = 0 umount2("./112/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./112/file1/file0") = 0 umount2("./112/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/file1/file1") = 0 umount2("./112/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/file1/file2") = 0 umount2("./112/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/file1/file3") = 0 umount2("./112/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file1") = -1 EBUSY (Device or resource busy) [ 28.676676][ T643] loop0: detected capacity change from 0 to 1024 [ 28.683813][ T643] EXT4-fs: Ignoring removed orlov option [ 28.689733][ T643] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./112/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./112/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 646 ./strace-static-x86_64: Process 646 attached [pid 646] set_robust_list(0x555556850660, 24) = 0 [pid 646] chdir("./113") = 0 [pid 646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 646] setpgid(0, 0) = 0 [pid 646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 646] write(3, "1000", 4) = 4 [pid 646] close(3) = 0 [pid 646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 646] write(1, "executing program\n", 18) = 18 [pid 646] memfd_create("syzkaller", 0) = 3 [pid 646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 646] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 646] close(3) = 0 [pid 646] close(4) = 0 [pid 646] mkdir("./file1", 0777) = 0 [pid 646] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 646] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 646] chdir("./file1") = 0 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 646] ioctl(4, LOOP_CLR_FD) = 0 [pid 646] close(4) = 0 [pid 646] chdir("./file0") = 0 [pid 646] creat("./bus", 000) = 4 [pid 646] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 646] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 646] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 646] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 646] exit_group(0) = ? [pid 646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=646, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./113/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./113/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./113/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./113/file1/lost+found") = 0 umount2("./113/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./113/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/file1/file0/file0") = 0 umount2("./113/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/file1/file0/file1") = 0 umount2("./113/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./113/file1/file0") = 0 umount2("./113/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/file1/file1") = 0 umount2("./113/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/file1/file2") = 0 umount2("./113/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/file1/file3") = 0 umount2("./113/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file1") = -1 EBUSY (Device or resource busy) umount2("./113/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./113/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 649 ./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x555556850660, 24) = 0 [pid 649] chdir("./114") = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 649] write(1, "executing program\n", 18) = 18 [pid 649] memfd_create("syzkaller", 0) = 3 [pid 649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 649] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 28.746042][ T646] loop0: detected capacity change from 0 to 1024 [ 28.753284][ T646] EXT4-fs: Ignoring removed orlov option [ 28.758806][ T646] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 649] close(3) = 0 [pid 649] close(4) = 0 [pid 649] mkdir("./file1", 0777) = 0 [pid 649] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 649] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 649] chdir("./file1") = 0 [pid 649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 649] ioctl(4, LOOP_CLR_FD) = 0 [pid 649] close(4) = 0 [pid 649] chdir("./file0") = 0 [pid 649] creat("./bus", 000) = 4 [pid 649] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 649] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 649] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 649] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 649] exit_group(0) = ? [pid 649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=649, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./114/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./114/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./114/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./114/file1/lost+found") = 0 umount2("./114/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./114/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/file1/file0/file0") = 0 umount2("./114/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/file1/file0/file1") = 0 umount2("./114/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./114/file1/file0") = 0 umount2("./114/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/file1/file1") = 0 umount2("./114/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/file1/file2") = 0 umount2("./114/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/file1/file3") = 0 umount2("./114/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file1") = -1 EBUSY (Device or resource busy) umount2("./114/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./114/file1") = 0 [ 28.798830][ T649] loop0: detected capacity change from 0 to 1024 [ 28.806277][ T649] EXT4-fs: Ignoring removed orlov option [ 28.811868][ T649] EXT4-fs: Ignoring removed nomblk_io_submit option getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 652 ./strace-static-x86_64: Process 652 attached [pid 652] set_robust_list(0x555556850660, 24) = 0 [pid 652] chdir("./115") = 0 [pid 652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 652] setpgid(0, 0) = 0 [pid 652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 652] write(3, "1000", 4) = 4 [pid 652] close(3) = 0 [pid 652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 652] write(1, "executing program\n", 18executing program ) = 18 [pid 652] memfd_create("syzkaller", 0) = 3 [pid 652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 652] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 652] close(3) = 0 [pid 652] close(4) = 0 [pid 652] mkdir("./file1", 0777) = 0 [pid 652] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 652] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 652] chdir("./file1") = 0 [pid 652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 652] ioctl(4, LOOP_CLR_FD) = 0 [pid 652] close(4) = 0 [pid 652] chdir("./file0") = 0 [pid 652] creat("./bus", 000) = 4 [pid 652] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 652] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 652] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 652] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 652] exit_group(0) = ? [pid 652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=652, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./115/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./115/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./115/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./115/file1/lost+found") = 0 umount2("./115/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./115/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/file1/file0/file0") = 0 umount2("./115/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/file1/file0/file1") = 0 umount2("./115/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./115/file1/file0") = 0 umount2("./115/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/file1/file1") = 0 umount2("./115/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/file1/file2") = 0 umount2("./115/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/file1/file3") = 0 umount2("./115/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file1") = -1 EBUSY (Device or resource busy) [ 28.871105][ T652] loop0: detected capacity change from 0 to 1024 [ 28.878191][ T652] EXT4-fs: Ignoring removed orlov option [ 28.885934][ T652] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./115/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./115/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 655 ./strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x555556850660, 24) = 0 [pid 655] chdir("./116") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 655] write(1, "executing program\n", 18) = 18 [pid 655] memfd_create("syzkaller", 0) = 3 [pid 655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 655] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 655] close(3) = 0 [pid 655] close(4) = 0 [pid 655] mkdir("./file1", 0777) = 0 [pid 655] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 655] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 655] chdir("./file1") = 0 [pid 655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 655] ioctl(4, LOOP_CLR_FD) = 0 [pid 655] close(4) = 0 [pid 655] chdir("./file0") = 0 [pid 655] creat("./bus", 000) = 4 [pid 655] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 655] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 655] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 655] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 655] exit_group(0) = ? [pid 655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=655, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./116/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./116/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./116/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./116/file1/lost+found") = 0 umount2("./116/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./116/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/file1/file0/file0") = 0 umount2("./116/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/file1/file0/file1") = 0 umount2("./116/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./116/file1/file0") = 0 umount2("./116/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/file1/file1") = 0 umount2("./116/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/file1/file2") = 0 umount2("./116/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/file1/file3") = 0 umount2("./116/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file1") = -1 EBUSY (Device or resource busy) umount2("./116/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./116/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 658 ./strace-static-x86_64: Process 658 attached [pid 658] set_robust_list(0x555556850660, 24) = 0 [pid 658] chdir("./117") = 0 [pid 658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 658] setpgid(0, 0) = 0 [pid 658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 658] write(3, "1000", 4) = 4 [pid 658] close(3) = 0 [pid 658] symlink("/dev/binderfs", "./binderfs") = 0 [pid 658] write(1, "executing program\n", 18executing program ) = 18 [pid 658] memfd_create("syzkaller", 0) = 3 [pid 658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 658] munmap(0x7f9cfca3c000, 138412032) = 0 [ 28.943235][ T655] loop0: detected capacity change from 0 to 1024 [ 28.950248][ T655] EXT4-fs: Ignoring removed orlov option [ 28.958249][ T655] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 658] close(3) = 0 [pid 658] close(4) = 0 [pid 658] mkdir("./file1", 0777) = 0 [pid 658] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 658] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 658] chdir("./file1") = 0 [pid 658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 658] ioctl(4, LOOP_CLR_FD) = 0 [pid 658] close(4) = 0 [pid 658] chdir("./file0") = 0 [pid 658] creat("./bus", 000) = 4 [pid 658] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 658] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 658] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 658] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 658] exit_group(0) = ? [pid 658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=658, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./117/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./117/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./117/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./117/file1/lost+found") = 0 umount2("./117/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./117/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/file1/file0/file0") = 0 umount2("./117/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/file1/file0/file1") = 0 umount2("./117/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./117/file1/file0") = 0 umount2("./117/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/file1/file1") = 0 umount2("./117/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/file1/file2") = 0 umount2("./117/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/file1/file3") = 0 umount2("./117/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file1") = -1 EBUSY (Device or resource busy) umount2("./117/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./117/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 661 ./strace-static-x86_64: Process 661 attached [pid 661] set_robust_list(0x555556850660, 24) = 0 [pid 661] chdir("./118") = 0 [pid 661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 661] setpgid(0, 0) = 0 [pid 661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 661] write(3, "1000", 4) = 4 [pid 661] close(3executing program ) = 0 [pid 661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 661] write(1, "executing program\n", 18) = 18 [pid 661] memfd_create("syzkaller", 0) = 3 [pid 661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 29.003048][ T658] loop0: detected capacity change from 0 to 1024 [ 29.010126][ T658] EXT4-fs: Ignoring removed orlov option [ 29.015608][ T658] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 661] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 661] close(3) = 0 [pid 661] close(4) = 0 [pid 661] mkdir("./file1", 0777) = 0 [pid 661] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 661] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 661] chdir("./file1") = 0 [pid 661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 661] ioctl(4, LOOP_CLR_FD) = 0 [pid 661] close(4) = 0 [pid 661] chdir("./file0") = 0 [pid 661] creat("./bus", 000) = 4 [pid 661] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 661] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 661] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 661] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 661] exit_group(0) = ? [pid 661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=661, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./118/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./118/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./118/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./118/file1/lost+found") = 0 umount2("./118/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./118/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/file1/file0/file0") = 0 umount2("./118/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/file1/file0/file1") = 0 umount2("./118/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./118/file1/file0") = 0 umount2("./118/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/file1/file1") = 0 umount2("./118/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/file1/file2") = 0 umount2("./118/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/file1/file3") = 0 umount2("./118/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file1") = -1 EBUSY (Device or resource busy) umount2("./118/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./118/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 29.066475][ T661] loop0: detected capacity change from 0 to 1024 [ 29.074194][ T661] EXT4-fs: Ignoring removed orlov option [ 29.079835][ T661] EXT4-fs: Ignoring removed nomblk_io_submit option close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 664 ./strace-static-x86_64: Process 664 attached [pid 664] set_robust_list(0x555556850660, 24) = 0 [pid 664] chdir("./119") = 0 [pid 664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 664] setpgid(0, 0) = 0 [pid 664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 664] write(3, "1000", 4) = 4 [pid 664] close(3) = 0 [pid 664] symlink("/dev/binderfs", "./binderfs") = 0 [pid 664] write(1, "executing program\n", 18) = 18 [pid 664] memfd_create("syzkaller", 0) = 3 [pid 664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 664] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 664] close(3) = 0 [pid 664] close(4) = 0 [pid 664] mkdir("./file1", 0777) = 0 [pid 664] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 664] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 664] chdir("./file1") = 0 [pid 664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 664] ioctl(4, LOOP_CLR_FD) = 0 [pid 664] close(4) = 0 [pid 664] chdir("./file0") = 0 [pid 664] creat("./bus", 000) = 4 [pid 664] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 664] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 664] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 664] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 664] exit_group(0) = ? [pid 664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=664, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./119/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./119/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./119/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./119/file1/lost+found") = 0 umount2("./119/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./119/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/file1/file0/file0") = 0 umount2("./119/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/file1/file0/file1") = 0 umount2("./119/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./119/file1/file0") = 0 umount2("./119/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/file1/file1") = 0 umount2("./119/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/file1/file2") = 0 umount2("./119/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/file1/file3") = 0 umount2("./119/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file1") = -1 EBUSY (Device or resource busy) umount2("./119/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./119/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 667 ./strace-static-x86_64: Process 667 attached [pid 667] set_robust_list(0x555556850660, 24) = 0 [pid 667] chdir("./120") = 0 [pid 667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 667] setpgid(0, 0) = 0 [pid 667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 667] write(3, "1000", 4) = 4 [pid 667] close(3) = 0 [pid 667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 667] write(1, "executing program\n", 18executing program ) = 18 [pid 667] memfd_create("syzkaller", 0) = 3 [pid 667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 667] munmap(0x7f9cfca3c000, 138412032) = 0 [ 29.132719][ T664] loop0: detected capacity change from 0 to 1024 [ 29.139794][ T664] EXT4-fs: Ignoring removed orlov option [ 29.145298][ T664] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 667] close(3) = 0 [pid 667] close(4) = 0 [pid 667] mkdir("./file1", 0777) = 0 [pid 667] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 667] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 667] chdir("./file1") = 0 [pid 667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 667] ioctl(4, LOOP_CLR_FD) = 0 [pid 667] close(4) = 0 [pid 667] chdir("./file0") = 0 [pid 667] creat("./bus", 000) = 4 [pid 667] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 667] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 667] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 667] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 667] exit_group(0) = ? [pid 667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=667, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./120/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./120/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./120/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./120/file1/lost+found") = 0 umount2("./120/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./120/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/file1/file0/file0") = 0 umount2("./120/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/file1/file0/file1") = 0 umount2("./120/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./120/file1/file0") = 0 umount2("./120/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/file1/file1") = 0 umount2("./120/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/file1/file2") = 0 umount2("./120/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/file1/file3") = 0 umount2("./120/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file1") = -1 EBUSY (Device or resource busy) umount2("./120/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./120/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 670 ./strace-static-x86_64: Process 670 attached [pid 670] set_robust_list(0x555556850660, 24) = 0 [pid 670] chdir("./121") = 0 [pid 670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 670] setpgid(0, 0) = 0 [pid 670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 670] write(3, "1000", 4) = 4 [pid 670] close(3) = 0 [pid 670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 670] write(1, "executing program\n", 18) = 18 [pid 670] memfd_create("syzkaller", 0) = 3 [pid 670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 670] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 670] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 29.193404][ T667] loop0: detected capacity change from 0 to 1024 [ 29.201010][ T667] EXT4-fs: Ignoring removed orlov option [ 29.206552][ T667] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 670] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 670] close(3) = 0 [pid 670] close(4) = 0 [pid 670] mkdir("./file1", 0777) = 0 [pid 670] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 670] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 670] chdir("./file1") = 0 [pid 670] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 670] ioctl(4, LOOP_CLR_FD) = 0 [pid 670] close(4) = 0 [pid 670] chdir("./file0") = 0 [pid 670] creat("./bus", 000) = 4 [pid 670] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 670] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 670] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 670] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 670] exit_group(0) = ? [pid 670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=670, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./121/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./121/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./121/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./121/file1/lost+found") = 0 umount2("./121/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./121/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/file1/file0/file0") = 0 umount2("./121/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/file1/file0/file1") = 0 umount2("./121/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./121/file1/file0") = 0 umount2("./121/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/file1/file1") = 0 umount2("./121/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/file1/file2") = 0 umount2("./121/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/file1/file3") = 0 umount2("./121/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file1") = -1 EBUSY (Device or resource busy) umount2("./121/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./121/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 673 ./strace-static-x86_64: Process 673 attached [pid 673] set_robust_list(0x555556850660, 24) = 0 [pid 673] chdir("./122") = 0 [pid 673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 673] setpgid(0, 0) = 0 [pid 673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 673] write(3, "1000", 4) = 4 [pid 673] close(3) = 0 [pid 673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 673] write(1, "executing program\n", 18executing program ) = 18 [pid 673] memfd_create("syzkaller", 0) = 3 [pid 673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 673] munmap(0x7f9cfca3c000, 138412032) = 0 [ 29.253028][ T670] loop0: detected capacity change from 0 to 1024 [ 29.259999][ T670] EXT4-fs: Ignoring removed orlov option [ 29.265468][ T670] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 673] close(3) = 0 [pid 673] close(4) = 0 [pid 673] mkdir("./file1", 0777) = 0 [pid 673] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 673] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 673] chdir("./file1") = 0 [pid 673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 673] ioctl(4, LOOP_CLR_FD) = 0 [pid 673] close(4) = 0 [pid 673] chdir("./file0") = 0 [pid 673] creat("./bus", 000) = 4 [pid 673] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 673] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 673] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 673] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 673] exit_group(0) = ? [pid 673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=673, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./122/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./122/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./122/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./122/file1/lost+found") = 0 umount2("./122/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./122/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/file1/file0/file0") = 0 umount2("./122/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/file1/file0/file1") = 0 umount2("./122/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./122/file1/file0") = 0 umount2("./122/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/file1/file1") = 0 umount2("./122/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/file1/file2") = 0 umount2("./122/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/file1/file3") = 0 umount2("./122/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file1") = -1 EBUSY (Device or resource busy) umount2("./122/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./122/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 676 ./strace-static-x86_64: Process 676 attached [pid 676] set_robust_list(0x555556850660, 24) = 0 [pid 676] chdir("./123") = 0 [pid 676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 676] setpgid(0, 0) = 0 [pid 676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 676] write(3, "1000", 4) = 4 [pid 676] close(3) = 0 [pid 676] symlink("/dev/binderfs", "./binderfs") = 0 [pid 676] write(1, "executing program\n", 18) = 18 [pid 676] memfd_create("syzkaller", 0) = 3 [pid 676] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 676] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [ 29.310869][ T673] loop0: detected capacity change from 0 to 1024 [ 29.318264][ T673] EXT4-fs: Ignoring removed orlov option [ 29.323954][ T673] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 676] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 676] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 676] close(3) = 0 [pid 676] close(4) = 0 [pid 676] mkdir("./file1", 0777) = 0 [pid 676] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 676] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 676] chdir("./file1") = 0 [pid 676] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 676] ioctl(4, LOOP_CLR_FD) = 0 [pid 676] close(4) = 0 [pid 676] chdir("./file0") = 0 [pid 676] creat("./bus", 000) = 4 [pid 676] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 676] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 676] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 676] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 676] exit_group(0) = ? [pid 676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=676, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./123/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./123/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./123/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./123/file1/lost+found") = 0 umount2("./123/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./123/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/file1/file0/file0") = 0 umount2("./123/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/file1/file0/file1") = 0 umount2("./123/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./123/file1/file0") = 0 umount2("./123/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/file1/file1") = 0 umount2("./123/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/file1/file2") = 0 umount2("./123/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/file1/file3") = 0 umount2("./123/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file1") = -1 EBUSY (Device or resource busy) umount2("./123/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./123/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 679 ./strace-static-x86_64: Process 679 attached [pid 679] set_robust_list(0x555556850660, 24) = 0 [pid 679] chdir("./124") = 0 [pid 679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 679] setpgid(0, 0) = 0 [pid 679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 679] write(3, "1000", 4) = 4 [pid 679] close(3) = 0 [ 29.372695][ T676] loop0: detected capacity change from 0 to 1024 [ 29.379979][ T676] EXT4-fs: Ignoring removed orlov option [ 29.385456][ T676] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 679] write(1, "executing program\n", 18executing program ) = 18 [pid 679] memfd_create("syzkaller", 0) = 3 [pid 679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 679] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 679] close(3) = 0 [pid 679] close(4) = 0 [pid 679] mkdir("./file1", 0777) = 0 [pid 679] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 679] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 679] chdir("./file1") = 0 [pid 679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 679] ioctl(4, LOOP_CLR_FD) = 0 [pid 679] close(4) = 0 [pid 679] chdir("./file0") = 0 [pid 679] creat("./bus", 000) = 4 [pid 679] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 679] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 679] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 679] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 679] exit_group(0) = ? [pid 679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=679, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./124/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./124/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./124/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./124/file1/lost+found") = 0 umount2("./124/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./124/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/file1/file0/file0") = 0 umount2("./124/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/file1/file0/file1") = 0 umount2("./124/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./124/file1/file0") = 0 umount2("./124/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/file1/file1") = 0 umount2("./124/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/file1/file2") = 0 umount2("./124/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/file1/file3") = 0 umount2("./124/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file1") = -1 EBUSY (Device or resource busy) umount2("./124/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./124/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 682 ./strace-static-x86_64: Process 682 attached [pid 682] set_robust_list(0x555556850660, 24) = 0 [pid 682] chdir("./125") = 0 [pid 682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 682] setpgid(0, 0) = 0 [pid 682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 682] write(3, "1000", 4) = 4 [pid 682] close(3) = 0 [pid 682] symlink("/dev/binderfs", "./binderfs") = 0 [pid 682] write(1, "executing program\n", 18) = 18 [pid 682] memfd_create("syzkaller", 0) = 3 [pid 682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 29.438287][ T679] loop0: detected capacity change from 0 to 1024 [ 29.445334][ T679] EXT4-fs: Ignoring removed orlov option [ 29.451086][ T679] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 682] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 682] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 682] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 682] close(3) = 0 [pid 682] close(4) = 0 [pid 682] mkdir("./file1", 0777) = 0 [pid 682] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 682] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 682] chdir("./file1") = 0 [pid 682] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 682] ioctl(4, LOOP_CLR_FD) = 0 [pid 682] close(4) = 0 [pid 682] chdir("./file0") = 0 [pid 682] creat("./bus", 000) = 4 [pid 682] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 682] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 682] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 682] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 682] exit_group(0) = ? [pid 682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=682, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./125/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./125/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./125/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./125/file1/lost+found") = 0 umount2("./125/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./125/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/file1/file0/file0") = 0 umount2("./125/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/file1/file0/file1") = 0 umount2("./125/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./125/file1/file0") = 0 umount2("./125/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/file1/file1") = 0 umount2("./125/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/file1/file2") = 0 umount2("./125/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/file1/file3") = 0 umount2("./125/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file1") = -1 EBUSY (Device or resource busy) umount2("./125/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./125/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 685 ./strace-static-x86_64: Process 685 attached [pid 685] set_robust_list(0x555556850660, 24) = 0 [pid 685] chdir("./126") = 0 [pid 685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 685] setpgid(0, 0) = 0 [pid 685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 685] write(3, "1000", 4) = 4 [pid 685] close(3) = 0 [pid 685] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 685] write(1, "executing program\n", 18) = 18 [pid 685] memfd_create("syzkaller", 0) = 3 [pid 685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 29.500944][ T682] loop0: detected capacity change from 0 to 1024 [ 29.509176][ T682] EXT4-fs: Ignoring removed orlov option [ 29.514676][ T682] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 685] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 685] close(3) = 0 [pid 685] close(4) = 0 [pid 685] mkdir("./file1", 0777) = 0 [pid 685] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 685] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 685] chdir("./file1") = 0 [pid 685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 685] ioctl(4, LOOP_CLR_FD) = 0 [pid 685] close(4) = 0 [pid 685] chdir("./file0") = 0 [pid 685] creat("./bus", 000) = 4 [pid 685] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 685] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 685] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 685] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 685] exit_group(0) = ? [pid 685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=685, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 umount2("./126/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./126/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./126/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./126/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./126/file1/lost+found") = 0 umount2("./126/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./126/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/file1/file0/file0") = 0 umount2("./126/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/file1/file0/file1") = 0 umount2("./126/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./126/file1/file0") = 0 umount2("./126/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/file1/file1") = 0 umount2("./126/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/file1/file2") = 0 umount2("./126/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/file1/file3") = 0 umount2("./126/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file1") = -1 EBUSY (Device or resource busy) umount2("./126/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./126/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 688 ./strace-static-x86_64: Process 688 attached [pid 688] set_robust_list(0x555556850660, 24) = 0 [pid 688] chdir("./127") = 0 [pid 688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 688] setpgid(0, 0) = 0 [pid 688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 688] write(3, "1000", 4) = 4 [pid 688] close(3) = 0 [pid 688] symlink("/dev/binderfs", "./binderfs") = 0 [pid 688] write(1, "executing program\n", 18executing program ) = 18 [pid 688] memfd_create("syzkaller", 0) = 3 [pid 688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 688] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 688] munmap(0x7f9cfca3c000, 138412032) = 0 [ 29.564457][ T685] loop0: detected capacity change from 0 to 1024 [ 29.572229][ T685] EXT4-fs: Ignoring removed orlov option [ 29.578012][ T685] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 688] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 688] close(3) = 0 [pid 688] close(4) = 0 [pid 688] mkdir("./file1", 0777) = 0 [pid 688] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 688] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 688] chdir("./file1") = 0 [pid 688] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 688] ioctl(4, LOOP_CLR_FD) = 0 [pid 688] close(4) = 0 [pid 688] chdir("./file0") = 0 [pid 688] creat("./bus", 000) = 4 [pid 688] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 688] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 688] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 688] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 688] exit_group(0) = ? [pid 688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=688, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 umount2("./127/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./127/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./127/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./127/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./127/file1/lost+found") = 0 umount2("./127/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./127/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/file1/file0/file0") = 0 umount2("./127/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/file1/file0/file1") = 0 umount2("./127/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./127/file1/file0") = 0 umount2("./127/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/file1/file1") = 0 umount2("./127/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/file1/file2") = 0 umount2("./127/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/file1/file3") = 0 umount2("./127/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file1") = -1 EBUSY (Device or resource busy) umount2("./127/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./127/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 692 ./strace-static-x86_64: Process 692 attached [pid 692] set_robust_list(0x555556850660, 24) = 0 [pid 692] chdir("./128") = 0 [pid 692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 692] setpgid(0, 0) = 0 [pid 692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 692] write(3, "1000", 4) = 4 [pid 692] close(3) = 0 [pid 692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 692] write(1, "executing program\n", 18) = 18 [pid 692] memfd_create("syzkaller", 0) = 3 [pid 692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 692] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 29.625337][ T688] loop0: detected capacity change from 0 to 1024 [ 29.632474][ T688] EXT4-fs: Ignoring removed orlov option [ 29.638160][ T688] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 692] close(3) = 0 [pid 692] close(4) = 0 [pid 692] mkdir("./file1", 0777) = 0 [pid 692] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 692] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 692] chdir("./file1") = 0 [pid 692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 692] ioctl(4, LOOP_CLR_FD) = 0 [pid 692] close(4) = 0 [pid 692] chdir("./file0") = 0 [pid 692] creat("./bus", 000) = 4 [pid 692] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 692] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 692] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 692] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 692] exit_group(0) = ? [pid 692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=692, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./128/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./128/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./128/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./128/file1/lost+found") = 0 umount2("./128/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./128/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/file1/file0/file0") = 0 umount2("./128/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/file1/file0/file1") = 0 umount2("./128/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./128/file1/file0") = 0 umount2("./128/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/file1/file1") = 0 umount2("./128/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/file1/file2") = 0 umount2("./128/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/file1/file3") = 0 umount2("./128/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file1") = -1 EBUSY (Device or resource busy) umount2("./128/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./128/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 695 ./strace-static-x86_64: Process 695 attached [pid 695] set_robust_list(0x555556850660, 24) = 0 [pid 695] chdir("./129") = 0 [pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 695] setpgid(0, 0) = 0 [pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 695] write(3, "1000", 4) = 4 [pid 695] close(3) = 0 [pid 695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 695] write(1, "executing program\n", 18) = 18 [pid 695] memfd_create("syzkaller", 0) = 3 [pid 695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 695] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 29.685049][ T692] loop0: detected capacity change from 0 to 1024 [ 29.692830][ T692] EXT4-fs: Ignoring removed orlov option [ 29.698441][ T692] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 695] close(3) = 0 [pid 695] close(4) = 0 [pid 695] mkdir("./file1", 0777) = 0 [pid 695] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 695] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 695] chdir("./file1") = 0 [pid 695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 695] ioctl(4, LOOP_CLR_FD) = 0 [pid 695] close(4) = 0 [pid 695] chdir("./file0") = 0 [pid 695] creat("./bus", 000) = 4 [pid 695] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 695] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 695] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 695] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 695] exit_group(0) = ? [pid 695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=695, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 umount2("./129/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./129/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./129/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./129/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./129/file1/lost+found") = 0 umount2("./129/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./129/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/file1/file0/file0") = 0 umount2("./129/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/file1/file0/file1") = 0 umount2("./129/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./129/file1/file0") = 0 umount2("./129/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/file1/file1") = 0 umount2("./129/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/file1/file2") = 0 umount2("./129/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/file1/file3") = 0 umount2("./129/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file1") = -1 EBUSY (Device or resource busy) umount2("./129/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./129/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 698 ./strace-static-x86_64: Process 698 attached [pid 698] set_robust_list(0x555556850660, 24) = 0 [pid 698] chdir("./130") = 0 [pid 698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 698] setpgid(0, 0) = 0 [pid 698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 698] write(3, "1000", 4) = 4 [pid 698] close(3) = 0 [pid 698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 698] write(1, "executing program\n", 18) = 18 [pid 698] memfd_create("syzkaller", 0) = 3 [pid 698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 29.734028][ T695] loop0: detected capacity change from 0 to 1024 [ 29.741848][ T695] EXT4-fs: Ignoring removed orlov option [ 29.747479][ T695] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 698] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 698] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 698] close(3) = 0 [pid 698] close(4) = 0 [pid 698] mkdir("./file1", 0777) = 0 [pid 698] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 698] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 698] chdir("./file1") = 0 [pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 698] ioctl(4, LOOP_CLR_FD) = 0 [pid 698] close(4) = 0 [pid 698] chdir("./file0") = 0 [pid 698] creat("./bus", 000) = 4 [pid 698] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 698] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 698] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 698] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 698] exit_group(0) = ? [pid 698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=698, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./130/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./130/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./130/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./130/file1/lost+found") = 0 umount2("./130/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./130/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/file1/file0/file0") = 0 umount2("./130/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/file1/file0/file1") = 0 umount2("./130/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./130/file1/file0") = 0 umount2("./130/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/file1/file1") = 0 umount2("./130/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/file1/file2") = 0 umount2("./130/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/file1/file3") = 0 umount2("./130/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file1") = -1 EBUSY (Device or resource busy) umount2("./130/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./130/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 29.798947][ T698] loop0: detected capacity change from 0 to 1024 [ 29.806951][ T698] EXT4-fs: Ignoring removed orlov option [ 29.812457][ T698] EXT4-fs: Ignoring removed nomblk_io_submit option clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 701 ./strace-static-x86_64: Process 701 attached [pid 701] set_robust_list(0x555556850660, 24) = 0 [pid 701] chdir("./131") = 0 [pid 701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 701] setpgid(0, 0) = 0 [pid 701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 701] write(3, "1000", 4) = 4 [pid 701] close(3) = 0 [pid 701] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 701] write(1, "executing program\n", 18) = 18 [pid 701] memfd_create("syzkaller", 0) = 3 [pid 701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 701] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 701] close(3) = 0 [pid 701] close(4) = 0 [pid 701] mkdir("./file1", 0777) = 0 [pid 701] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 701] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 701] chdir("./file1") = 0 [pid 701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 701] ioctl(4, LOOP_CLR_FD) = 0 [pid 701] close(4) = 0 [pid 701] chdir("./file0") = 0 [pid 701] creat("./bus", 000) = 4 [pid 701] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 701] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 701] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 701] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 701] exit_group(0) = ? [pid 701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=701, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./131/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./131/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./131/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./131/file1/lost+found") = 0 umount2("./131/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./131/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/file1/file0/file0") = 0 umount2("./131/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/file1/file0/file1") = 0 umount2("./131/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./131/file1/file0") = 0 umount2("./131/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/file1/file1") = 0 [ 29.866790][ T701] loop0: detected capacity change from 0 to 1024 [ 29.873835][ T701] EXT4-fs: Ignoring removed orlov option [ 29.879626][ T701] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./131/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/file1/file2") = 0 umount2("./131/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/file1/file3") = 0 umount2("./131/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file1") = -1 EBUSY (Device or resource busy) umount2("./131/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./131/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 704 ./strace-static-x86_64: Process 704 attached [pid 704] set_robust_list(0x555556850660, 24) = 0 [pid 704] chdir("./132") = 0 [pid 704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 704] setpgid(0, 0) = 0 [pid 704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 704] write(3, "1000", 4) = 4 [pid 704] close(3) = 0 [pid 704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 704] write(1, "executing program\n", 18executing program ) = 18 [pid 704] memfd_create("syzkaller", 0) = 3 [pid 704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 704] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 704] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 704] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 704] close(3) = 0 [pid 704] close(4) = 0 [pid 704] mkdir("./file1", 0777) = 0 [pid 704] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 704] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 704] chdir("./file1") = 0 [pid 704] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 704] ioctl(4, LOOP_CLR_FD) = 0 [pid 704] close(4) = 0 [pid 704] chdir("./file0") = 0 [pid 704] creat("./bus", 000) = 4 [pid 704] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 704] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 704] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 704] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 704] exit_group(0) = ? [pid 704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=704, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./132/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./132/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./132/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./132/file1/lost+found") = 0 umount2("./132/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./132/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/file1/file0/file0") = 0 umount2("./132/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/file1/file0/file1") = 0 umount2("./132/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./132/file1/file0") = 0 umount2("./132/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/file1/file1") = 0 umount2("./132/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/file1/file2") = 0 umount2("./132/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/file1/file3") = 0 umount2("./132/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file1") = -1 EBUSY (Device or resource busy) umount2("./132/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./132/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 707 ./strace-static-x86_64: Process 707 attached [pid 707] set_robust_list(0x555556850660, 24) = 0 [pid 707] chdir("./133") = 0 [pid 707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 707] setpgid(0, 0) = 0 [pid 707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 707] write(3, "1000", 4) = 4 [pid 707] close(3) = 0 [pid 707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 707] write(1, "executing program\n", 18executing program ) = 18 [pid 707] memfd_create("syzkaller", 0) = 3 [pid 707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 707] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 29.945846][ T704] loop0: detected capacity change from 0 to 1024 [ 29.953410][ T704] EXT4-fs: Ignoring removed orlov option [ 29.959215][ T704] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 707] close(3) = 0 [pid 707] close(4) = 0 [pid 707] mkdir("./file1", 0777) = 0 [pid 707] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 707] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 707] chdir("./file1") = 0 [pid 707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 707] ioctl(4, LOOP_CLR_FD) = 0 [pid 707] close(4) = 0 [pid 707] chdir("./file0") = 0 [pid 707] creat("./bus", 000) = 4 [pid 707] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 707] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 707] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 707] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 707] exit_group(0) = ? [pid 707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=707, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 umount2("./133/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./133/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./133/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./133/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./133/file1/lost+found") = 0 umount2("./133/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./133/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/file1/file0/file0") = 0 umount2("./133/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/file1/file0/file1") = 0 umount2("./133/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./133/file1/file0") = 0 umount2("./133/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/file1/file1") = 0 umount2("./133/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/file1/file2") = 0 umount2("./133/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/file1/file3") = 0 umount2("./133/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file1") = -1 EBUSY (Device or resource busy) umount2("./133/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./133/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 29.999570][ T707] loop0: detected capacity change from 0 to 1024 [ 30.008913][ T707] EXT4-fs: Ignoring removed orlov option [ 30.014610][ T707] EXT4-fs: Ignoring removed nomblk_io_submit option clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 710 ./strace-static-x86_64: Process 710 attached [pid 710] set_robust_list(0x555556850660, 24) = 0 [pid 710] chdir("./134") = 0 [pid 710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 710] setpgid(0, 0) = 0 [pid 710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 710] write(3, "1000", 4) = 4 [pid 710] close(3) = 0 [pid 710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 710] write(1, "executing program\n", 18) = 18 [pid 710] memfd_create("syzkaller", 0) = 3 [pid 710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 710] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 710] close(3) = 0 [pid 710] close(4) = 0 [pid 710] mkdir("./file1", 0777) = 0 [pid 710] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 710] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 710] chdir("./file1") = 0 [pid 710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 710] ioctl(4, LOOP_CLR_FD) = 0 [pid 710] close(4) = 0 [pid 710] chdir("./file0") = 0 [pid 710] creat("./bus", 000) = 4 [pid 710] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 710] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 710] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 710] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 710] exit_group(0) = ? [pid 710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=710, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./134/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./134/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./134/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./134/file1/lost+found") = 0 umount2("./134/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./134/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/file1/file0/file0") = 0 umount2("./134/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/file1/file0/file1") = 0 umount2("./134/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./134/file1/file0") = 0 umount2("./134/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/file1/file1") = 0 umount2("./134/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/file1/file2") = 0 umount2("./134/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/file1/file3") = 0 umount2("./134/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file1") = -1 EBUSY (Device or resource busy) [ 30.067071][ T710] loop0: detected capacity change from 0 to 1024 [ 30.074176][ T710] EXT4-fs: Ignoring removed orlov option [ 30.079904][ T710] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./134/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./134/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 713 ./strace-static-x86_64: Process 713 attached [pid 713] set_robust_list(0x555556850660, 24) = 0 [pid 713] chdir("./135") = 0 [pid 713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 713] setpgid(0, 0) = 0 [pid 713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 713] write(3, "1000", 4) = 4 [pid 713] close(3) = 0 [pid 713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 713] write(1, "executing program\n", 18executing program ) = 18 [pid 713] memfd_create("syzkaller", 0) = 3 [pid 713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 713] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 713] close(3) = 0 [pid 713] close(4) = 0 [pid 713] mkdir("./file1", 0777) = 0 [pid 713] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 713] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 713] chdir("./file1") = 0 [pid 713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 713] ioctl(4, LOOP_CLR_FD) = 0 [pid 713] close(4) = 0 [pid 713] chdir("./file0") = 0 [pid 713] creat("./bus", 000) = 4 [pid 713] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 713] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 713] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 713] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 713] exit_group(0) = ? [pid 713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=713, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./135/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./135/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./135/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./135/file1/lost+found") = 0 umount2("./135/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./135/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/file1/file0/file0") = 0 umount2("./135/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/file1/file0/file1") = 0 umount2("./135/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./135/file1/file0") = 0 umount2("./135/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/file1/file1") = 0 umount2("./135/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/file1/file2") = 0 umount2("./135/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/file1/file3") = 0 umount2("./135/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file1") = -1 EBUSY (Device or resource busy) umount2("./135/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./135/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 716 ./strace-static-x86_64: Process 716 attached [pid 716] set_robust_list(0x555556850660, 24) = 0 [pid 716] chdir("./136") = 0 [pid 716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 716] setpgid(0, 0) = 0 [pid 716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 716] write(3, "1000", 4) = 4 [pid 716] close(3) = 0 [pid 716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 716] write(1, "executing program\n", 18) = 18 [pid 716] memfd_create("syzkaller", 0) = 3 [pid 716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 30.139777][ T713] loop0: detected capacity change from 0 to 1024 [ 30.147123][ T713] EXT4-fs: Ignoring removed orlov option [ 30.152609][ T713] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 716] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 716] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 716] close(3) = 0 [pid 716] close(4) = 0 [pid 716] mkdir("./file1", 0777) = 0 [pid 716] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 716] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 716] chdir("./file1") = 0 [pid 716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 716] ioctl(4, LOOP_CLR_FD) = 0 [pid 716] close(4) = 0 [pid 716] chdir("./file0") = 0 [pid 716] creat("./bus", 000) = 4 [pid 716] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 716] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 716] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 716] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 716] exit_group(0) = ? [pid 716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=716, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 umount2("./136/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./136/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./136/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./136/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./136/file1/lost+found") = 0 umount2("./136/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./136/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/file1/file0/file0") = 0 umount2("./136/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/file1/file0/file1") = 0 umount2("./136/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./136/file1/file0") = 0 umount2("./136/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/file1/file1") = 0 umount2("./136/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/file1/file2") = 0 umount2("./136/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/file1/file3") = 0 umount2("./136/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file1") = -1 EBUSY (Device or resource busy) umount2("./136/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./136/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 719 ./strace-static-x86_64: Process 719 attached [pid 719] set_robust_list(0x555556850660, 24) = 0 [pid 719] chdir("./137") = 0 [pid 719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 719] setpgid(0, 0) = 0 [pid 719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 719] write(3, "1000", 4) = 4 [pid 719] close(3) = 0 [pid 719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 719] write(1, "executing program\n", 18) = 18 [pid 719] memfd_create("syzkaller", 0) = 3 [pid 719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [ 30.203706][ T716] loop0: detected capacity change from 0 to 1024 [ 30.211655][ T716] EXT4-fs: Ignoring removed orlov option [ 30.217373][ T716] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 719] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 719] close(3) = 0 [pid 719] close(4) = 0 [pid 719] mkdir("./file1", 0777) = 0 [pid 719] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 719] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 719] chdir("./file1") = 0 [pid 719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 719] ioctl(4, LOOP_CLR_FD) = 0 [pid 719] close(4) = 0 [pid 719] chdir("./file0") = 0 [pid 719] creat("./bus", 000) = 4 [pid 719] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 719] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 719] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 719] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 719] exit_group(0) = ? [pid 719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=719, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./137/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./137/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./137/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./137/file1/lost+found") = 0 umount2("./137/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./137/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/file1/file0/file0") = 0 umount2("./137/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/file1/file0/file1") = 0 umount2("./137/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./137/file1/file0") = 0 umount2("./137/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/file1/file1") = 0 umount2("./137/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/file1/file2") = 0 umount2("./137/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/file1/file3") = 0 umount2("./137/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file1") = -1 EBUSY (Device or resource busy) umount2("./137/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./137/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 722 ./strace-static-x86_64: Process 722 attached [pid 722] set_robust_list(0x555556850660, 24) = 0 [pid 722] chdir("./138") = 0 [pid 722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 722] setpgid(0, 0) = 0 [pid 722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 722] write(3, "1000", 4) = 4 [pid 722] close(3) = 0 [pid 722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 722] write(1, "executing program\n", 18) = 18 [pid 722] memfd_create("syzkaller", 0) = 3 [pid 722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 722] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 30.265510][ T719] loop0: detected capacity change from 0 to 1024 [ 30.273048][ T719] EXT4-fs: Ignoring removed orlov option [ 30.278758][ T719] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 722] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 722] close(3) = 0 [pid 722] close(4) = 0 [pid 722] mkdir("./file1", 0777) = 0 [pid 722] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 722] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 722] chdir("./file1") = 0 [pid 722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 722] ioctl(4, LOOP_CLR_FD) = 0 [pid 722] close(4) = 0 [pid 722] chdir("./file0") = 0 [pid 722] creat("./bus", 000) = 4 [pid 722] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 722] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 722] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 722] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 722] exit_group(0) = ? [pid 722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=722, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./138/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./138/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./138/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./138/file1/lost+found") = 0 umount2("./138/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./138/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/file1/file0/file0") = 0 umount2("./138/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/file1/file0/file1") = 0 umount2("./138/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./138/file1/file0") = 0 umount2("./138/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/file1/file1") = 0 umount2("./138/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/file1/file2") = 0 umount2("./138/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/file1/file3") = 0 umount2("./138/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file1") = -1 EBUSY (Device or resource busy) umount2("./138/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./138/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 725 ./strace-static-x86_64: Process 725 attached [pid 725] set_robust_list(0x555556850660, 24) = 0 [pid 725] chdir("./139") = 0 [pid 725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 725] setpgid(0, 0) = 0 [pid 725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 725] write(3, "1000", 4) = 4 [pid 725] close(3) = 0 [pid 725] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 725] write(1, "executing program\n", 18) = 18 [pid 725] memfd_create("syzkaller", 0) = 3 [pid 725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 725] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 30.319354][ T722] loop0: detected capacity change from 0 to 1024 [ 30.327026][ T722] EXT4-fs: Ignoring removed orlov option [ 30.332530][ T722] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 725] close(3) = 0 [pid 725] close(4) = 0 [pid 725] mkdir("./file1", 0777) = 0 [pid 725] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 725] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 725] chdir("./file1") = 0 [pid 725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 725] ioctl(4, LOOP_CLR_FD) = 0 [pid 725] close(4) = 0 [pid 725] chdir("./file0") = 0 [pid 725] creat("./bus", 000) = 4 [pid 725] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 725] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 725] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 725] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 725] exit_group(0) = ? [pid 725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=725, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./139/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./139/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./139/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./139/file1/lost+found") = 0 umount2("./139/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./139/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/file1/file0/file0") = 0 umount2("./139/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/file1/file0/file1") = 0 umount2("./139/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./139/file1/file0") = 0 umount2("./139/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/file1/file1") = 0 umount2("./139/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/file1/file2") = 0 umount2("./139/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/file1/file3") = 0 umount2("./139/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file1") = -1 EBUSY (Device or resource busy) umount2("./139/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./139/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 728 ./strace-static-x86_64: Process 728 attached [pid 728] set_robust_list(0x555556850660, 24) = 0 [pid 728] chdir("./140") = 0 [pid 728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 728] setpgid(0, 0) = 0 [pid 728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 728] write(3, "1000", 4) = 4 [pid 728] close(3) = 0 [pid 728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 728] write(1, "executing program\n", 18executing program ) = 18 [pid 728] memfd_create("syzkaller", 0) = 3 [pid 728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 728] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 30.378791][ T725] loop0: detected capacity change from 0 to 1024 [ 30.385718][ T725] EXT4-fs: Ignoring removed orlov option [ 30.391317][ T725] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 728] close(3) = 0 [pid 728] close(4) = 0 [pid 728] mkdir("./file1", 0777) = 0 [pid 728] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 728] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 728] chdir("./file1") = 0 [pid 728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 728] ioctl(4, LOOP_CLR_FD) = 0 [pid 728] close(4) = 0 [pid 728] chdir("./file0") = 0 [pid 728] creat("./bus", 000) = 4 [pid 728] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 728] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 728] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 728] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 728] exit_group(0) = ? [pid 728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=728, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./140/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./140/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./140/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./140/file1/lost+found") = 0 umount2("./140/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./140/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/file1/file0/file0") = 0 umount2("./140/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/file1/file0/file1") = 0 umount2("./140/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./140/file1/file0") = 0 umount2("./140/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/file1/file1") = 0 umount2("./140/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/file1/file2") = 0 umount2("./140/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/file1/file3") = 0 umount2("./140/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file1") = -1 EBUSY (Device or resource busy) umount2("./140/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./140/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 731 ./strace-static-x86_64: Process 731 attached [pid 731] set_robust_list(0x555556850660, 24) = 0 [pid 731] chdir("./141") = 0 [pid 731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 731] setpgid(0, 0) = 0 [pid 731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 731] write(3, "1000", 4) = 4 [ 30.435938][ T728] loop0: detected capacity change from 0 to 1024 [ 30.443875][ T728] EXT4-fs: Ignoring removed orlov option [ 30.449528][ T728] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 731] close(3) = 0 [pid 731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 731] write(1, "executing program\n", 18executing program ) = 18 [pid 731] memfd_create("syzkaller", 0) = 3 [pid 731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 731] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 731] close(3) = 0 [pid 731] close(4) = 0 [pid 731] mkdir("./file1", 0777) = 0 [pid 731] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 731] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 731] chdir("./file1") = 0 [pid 731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 731] ioctl(4, LOOP_CLR_FD) = 0 [pid 731] close(4) = 0 [pid 731] chdir("./file0") = 0 [pid 731] creat("./bus", 000) = 4 [pid 731] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 731] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 731] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 731] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 731] exit_group(0) = ? [pid 731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=731, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./141/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./141/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./141/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./141/file1/lost+found") = 0 umount2("./141/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./141/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/file1/file0/file0") = 0 umount2("./141/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/file1/file0/file1") = 0 umount2("./141/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./141/file1/file0") = 0 umount2("./141/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/file1/file1") = 0 umount2("./141/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/file1/file2") = 0 umount2("./141/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/file1/file3") = 0 umount2("./141/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file1") = -1 EBUSY (Device or resource busy) umount2("./141/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./141/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555556850650) = 734 ./strace-static-x86_64: Process 734 attached [pid 734] set_robust_list(0x555556850660, 24) = 0 [pid 734] chdir("./142") = 0 [pid 734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 734] setpgid(0, 0) = 0 [pid 734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 734] write(3, "1000", 4) = 4 [pid 734] close(3) = 0 [pid 734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 734] write(1, "executing program\n", 18) = 18 [pid 734] memfd_create("syzkaller", 0) = 3 [pid 734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 734] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 30.502026][ T731] loop0: detected capacity change from 0 to 1024 [ 30.509064][ T731] EXT4-fs: Ignoring removed orlov option [ 30.514683][ T731] EXT4-fs: Ignoring removed nomblk_io_submit option [pid 734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 734] close(3) = 0 [pid 734] close(4) = 0 [pid 734] mkdir("./file1", 0777) = 0 [pid 734] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 734] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 734] chdir("./file1") = 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 734] ioctl(4, LOOP_CLR_FD) = 0 [pid 734] close(4) = 0 [pid 734] chdir("./file0") = 0 [pid 734] creat("./bus", 000) = 4 [pid 734] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 734] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 734] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 734] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 734] exit_group(0) = ? [pid 734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=734, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./142/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./142/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./142/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./142/file1/lost+found") = 0 umount2("./142/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./142/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/file1/file0/file0") = 0 umount2("./142/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/file1/file0/file1") = 0 umount2("./142/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./142/file1/file0") = 0 umount2("./142/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/file1/file1") = 0 umount2("./142/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/file1/file2") = 0 umount2("./142/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/file1/file3") = 0 umount2("./142/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file1") = -1 EBUSY (Device or resource busy) umount2("./142/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 30.560860][ T734] loop0: detected capacity change from 0 to 1024 [ 30.568540][ T734] EXT4-fs: Ignoring removed orlov option [ 30.574032][ T734] EXT4-fs: Ignoring removed nomblk_io_submit option rmdir("./142/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 737 ./strace-static-x86_64: Process 737 attached [pid 737] set_robust_list(0x555556850660, 24) = 0 [pid 737] chdir("./143") = 0 [pid 737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 737] setpgid(0, 0) = 0 [pid 737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 737] write(3, "1000", 4) = 4 [pid 737] close(3) = 0 [pid 737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 737] write(1, "executing program\n", 18executing program ) = 18 [pid 737] memfd_create("syzkaller", 0) = 3 [pid 737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 737] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 737] close(3) = 0 [pid 737] close(4) = 0 [pid 737] mkdir("./file1", 0777) = 0 [pid 737] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 737] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 737] chdir("./file1") = 0 [pid 737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 737] ioctl(4, LOOP_CLR_FD) = 0 [pid 737] close(4) = 0 [pid 737] chdir("./file0") = 0 [pid 737] creat("./bus", 000) = 4 [pid 737] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 737] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 737] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 737] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 737] exit_group(0) = ? [pid 737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=737, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./143/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./143/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./143/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./143/file1/lost+found") = 0 umount2("./143/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./143/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/file1/file0/file0") = 0 umount2("./143/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/file1/file0/file1") = 0 umount2("./143/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./143/file1/file0") = 0 umount2("./143/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/file1/file1") = 0 umount2("./143/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/file1/file2") = 0 umount2("./143/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/file1/file3") = 0 umount2("./143/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file1") = -1 EBUSY (Device or resource busy) umount2("./143/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./143/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 30.651231][ T737] loop0: detected capacity change from 0 to 1024 [ 30.659028][ T737] EXT4-fs: Ignoring removed orlov option [ 30.664598][ T737] EXT4-fs: Ignoring removed nomblk_io_submit option clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 741 ./strace-static-x86_64: Process 741 attached [pid 741] set_robust_list(0x555556850660, 24) = 0 [pid 741] chdir("./144") = 0 [pid 741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 741] setpgid(0, 0) = 0 [pid 741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 741] write(3, "1000", 4) = 4 [pid 741] close(3) = 0 [pid 741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 741] write(1, "executing program\n", 18executing program ) = 18 [pid 741] memfd_create("syzkaller", 0) = 3 [pid 741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 741] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 741] close(3) = 0 [pid 741] close(4) = 0 [pid 741] mkdir("./file1", 0777) = 0 [pid 741] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 741] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 741] chdir("./file1") = 0 [pid 741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 741] ioctl(4, LOOP_CLR_FD) = 0 [pid 741] close(4) = 0 [pid 741] chdir("./file0") = 0 [pid 741] creat("./bus", 000) = 4 [pid 741] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 741] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 741] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 741] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 741] exit_group(0) = ? [pid 741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=741, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 umount2("./144/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./144/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./144/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./144/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./144/file1/lost+found") = 0 umount2("./144/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./144/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/file1/file0/file0") = 0 umount2("./144/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/file1/file0/file1") = 0 umount2("./144/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./144/file1/file0") = 0 umount2("./144/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/file1/file1") = 0 umount2("./144/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/file1/file2") = 0 umount2("./144/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/file1/file3") = 0 umount2("./144/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file1") = -1 EBUSY (Device or resource busy) [ 30.717531][ T741] loop0: detected capacity change from 0 to 1024 [ 30.725606][ T741] EXT4-fs: Ignoring removed orlov option [ 30.731440][ T741] EXT4-fs: Ignoring removed nomblk_io_submit option umount2("./144/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./144/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 744 ./strace-static-x86_64: Process 744 attached [pid 744] set_robust_list(0x555556850660, 24) = 0 [pid 744] chdir("./145") = 0 [pid 744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 744] setpgid(0, 0) = 0 [pid 744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 744] write(3, "1000", 4) = 4 [pid 744] close(3) = 0 [pid 744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 744] write(1, "executing program\n", 18) = 18 [pid 744] memfd_create("syzkaller", 0) = 3 [pid 744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 744] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 744] close(3) = 0 [pid 744] close(4) = 0 [pid 744] mkdir("./file1", 0777) = 0 [pid 744] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 744] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 744] chdir("./file1") = 0 [pid 744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 744] ioctl(4, LOOP_CLR_FD) = 0 [pid 744] close(4) = 0 [pid 744] chdir("./file0") = 0 [pid 744] creat("./bus", 000) = 4 [pid 744] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 744] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 744] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 744] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 744] exit_group(0) = ? [pid 744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=744, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./145/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./145/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./145/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./145/file1/lost+found") = 0 umount2("./145/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./145/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/file1/file0/file0") = 0 umount2("./145/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/file1/file0/file1") = 0 umount2("./145/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./145/file1/file0") = 0 umount2("./145/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/file1/file1") = 0 umount2("./145/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/file1/file2") = 0 umount2("./145/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/file1/file3") = 0 umount2("./145/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file1") = -1 EBUSY (Device or resource busy) umount2("./145/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./145/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 [ 30.786273][ T744] loop0: detected capacity change from 0 to 1024 [ 30.795216][ T744] EXT4-fs: Ignoring removed orlov option [ 30.801472][ T744] EXT4-fs: Ignoring removed nomblk_io_submit option mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 747 ./strace-static-x86_64: Process 747 attached [pid 747] set_robust_list(0x555556850660, 24) = 0 [pid 747] chdir("./146") = 0 [pid 747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 747] setpgid(0, 0) = 0 [pid 747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 747] write(3, "1000", 4) = 4 [pid 747] close(3) = 0 [pid 747] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 747] write(1, "executing program\n", 18) = 18 [pid 747] memfd_create("syzkaller", 0) = 3 [pid 747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 747] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 747] close(3) = 0 [pid 747] close(4) = 0 [pid 747] mkdir("./file1", 0777) = 0 [pid 747] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 747] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 747] chdir("./file1") = 0 [pid 747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 747] ioctl(4, LOOP_CLR_FD) = 0 [pid 747] close(4) = 0 [pid 747] chdir("./file0") = 0 [pid 747] creat("./bus", 000) = 4 [pid 747] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 747] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 747] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 747] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 747] exit_group(0) = ? [pid 747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=747, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555568516f0 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./146/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./146/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556859730 /* 8 entries */, 32768) = 240 umount2("./146/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 2 entries */, 32768) = 48 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./146/file1/lost+found") = 0 umount2("./146/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555556861770 /* 5 entries */, 32768) = 136 umount2("./146/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/file1/file0/file0") = 0 umount2("./146/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/file1/file0/file1") = 0 umount2("./146/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/file1/file0/bus") = 0 getdents64(5, 0x555556861770 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./146/file1/file0") = 0 umount2("./146/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/file1/file1") = 0 umount2("./146/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/file1/file2") = 0 umount2("./146/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/file1/file3") = 0 umount2("./146/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/file1/file.cold") = 0 getdents64(4, 0x555556859730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file1") = -1 EBUSY (Device or resource busy) umount2("./146/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./146/file1") = 0 getdents64(3, 0x5555568516f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 30.855636][ T747] loop0: detected capacity change from 0 to 1024 [ 30.863640][ T747] EXT4-fs: Ignoring removed orlov option [ 30.869240][ T747] EXT4-fs: Ignoring removed nomblk_io_submit option clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556850650) = 750 ./strace-static-x86_64: Process 750 attached [pid 750] set_robust_list(0x555556850660, 24) = 0 [pid 750] chdir("./147") = 0 [pid 750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 750] setpgid(0, 0) = 0 [pid 750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 750] write(3, "1000", 4) = 4 [pid 750] close(3) = 0 [pid 750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 750] write(1, "executing program\n", 18executing program ) = 18 [pid 750] memfd_create("syzkaller", 0) = 3 [pid 750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9cfca3c000 [pid 750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 750] munmap(0x7f9cfca3c000, 138412032) = 0 [pid 750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 750] close(3) = 0 [pid 750] close(4) = 0 [pid 750] mkdir("./file1", 0777) = 0 [pid 750] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 750] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 750] chdir("./file1") = 0 [pid 750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 750] ioctl(4, LOOP_CLR_FD) = 0 [pid 750] close(4) = 0 [pid 750] chdir("./file0") = 0 [pid 750] creat("./bus", 000) = 4 [pid 750] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 750] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 750] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000