./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1165039738 <...> Warning: Permanently added '10.128.1.180' (ECDSA) to the list of known hosts. execve("./syz-executor1165039738", ["./syz-executor1165039738"], 0x7ffd5a698960 /* 10 vars */) = 0 brk(NULL) = 0x55555748e000 brk(0x55555748ec40) = 0x55555748ec40 arch_prctl(ARCH_SET_FS, 0x55555748e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1165039738", 4096) = 28 brk(0x5555574afc40) = 0x5555574afc40 brk(0x5555574b0000) = 0x5555574b0000 mprotect(0x7f0a8069e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3634 mkdir("./syzkaller.PI9Ay1", 0700) = 0 chmod("./syzkaller.PI9Ay1", 0777) = 0 chdir("./syzkaller.PI9Ay1") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3635 ./strace-static-x86_64: Process 3635 attached [pid 3635] chdir("./0") = 0 [pid 3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] setpgid(0, 0) = 0 [pid 3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3635] write(3, "1000", 4) = 4 [pid 3635] close(3) = 0 [pid 3635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3635] memfd_create("syzkaller", 0) = 3 [pid 3635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3635] munmap(0x7f0a78000000, 262144) = 0 [pid 3635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3635] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3635] close(3) = 0 [pid 3635] mkdir("./file0", 0777) = 0 [ 68.013064][ T3635] loop0: detected capacity change from 0 to 512 [ 68.023515][ T3635] ======================================================= [ 68.023515][ T3635] WARNING: The mand mount option has been deprecated and [ 68.023515][ T3635] and is ignored by this kernel. Remove the mand [ 68.023515][ T3635] option from the mount to silence this warning. [ 68.023515][ T3635] ======================================================= [ 68.062226][ T3635] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.073650][ T3635] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.089390][ T3635] EXT4-fs (loop0): 1 truncate cleaned up [pid 3635] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3635] chdir("./file0") = 0 [pid 3635] ioctl(4, LOOP_CLR_FD) = 0 [pid 3635] close(4) = 0 [pid 3635] exit_group(0) = ? [pid 3635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3635, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3639 attached , child_tidptr=0x55555748e5d0) = 3639 [pid 3639] chdir("./1") = 0 [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3639] memfd_create("syzkaller", 0) = 3 [ 68.118898][ T3635] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 68.143876][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3639] munmap(0x7f0a78000000, 262144) = 0 [pid 3639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3639] close(3) = 0 [pid 3639] mkdir("./file0", 0777) = 0 [ 68.209271][ T3639] loop0: detected capacity change from 0 to 512 [ 68.222098][ T3639] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.233000][ T3639] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.244210][ T3639] EXT4-fs (loop0): 1 truncate cleaned up [pid 3639] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3639] chdir("./file0") = 0 [pid 3639] ioctl(4, LOOP_CLR_FD) = 0 [pid 3639] close(4) = 0 [pid 3639] exit_group(0) = ? [pid 3639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3641 ./strace-static-x86_64: Process 3641 attached [pid 3641] chdir("./2") = 0 [ 68.259515][ T3639] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 68.295323][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3641] setpgid(0, 0) = 0 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3641] write(3, "1000", 4) = 4 [pid 3641] close(3) = 0 [pid 3641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3641] memfd_create("syzkaller", 0) = 3 [pid 3641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3641] munmap(0x7f0a78000000, 262144) = 0 [pid 3641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3641] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3641] close(3) = 0 [pid 3641] mkdir("./file0", 0777) = 0 [ 68.363297][ T3641] loop0: detected capacity change from 0 to 512 [ 68.375508][ T3641] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.386865][ T3641] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.397887][ T3641] EXT4-fs (loop0): 1 truncate cleaned up [pid 3641] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3641] chdir("./file0") = 0 [pid 3641] ioctl(4, LOOP_CLR_FD) = 0 [pid 3641] close(4) = 0 [pid 3641] exit_group(0) = ? [pid 3641] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3643 ./strace-static-x86_64: Process 3643 attached [pid 3643] chdir("./3") = 0 [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3643] memfd_create("syzkaller", 0) = 3 [pid 3643] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3643] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3643] munmap(0x7f0a78000000, 262144) = 0 [pid 3643] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.419220][ T3641] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 68.453348][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3643] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3643] close(3) = 0 [pid 3643] mkdir("./file0", 0777) = 0 [ 68.494494][ T3643] loop0: detected capacity change from 0 to 512 [ 68.505220][ T3643] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.516710][ T3643] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.526906][ T3643] EXT4-fs (loop0): 1 truncate cleaned up [pid 3643] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3643] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3643] chdir("./file0") = 0 [pid 3643] ioctl(4, LOOP_CLR_FD) = 0 [pid 3643] close(4) = 0 [pid 3643] exit_group(0) = ? [pid 3643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] chdir("./4") = 0 [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3645] memfd_create("syzkaller", 0) = 3 [pid 3645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3645] munmap(0x7f0a78000000, 262144) = 0 [pid 3645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 68.549206][ T3643] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 68.575613][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3645] close(3) = 0 [pid 3645] mkdir("./file0", 0777) = 0 [ 68.626380][ T3645] loop0: detected capacity change from 0 to 512 [ 68.636258][ T3645] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.647558][ T3645] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.657804][ T3645] EXT4-fs (loop0): 1 truncate cleaned up [pid 3645] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3645] chdir("./file0") = 0 [pid 3645] ioctl(4, LOOP_CLR_FD) = 0 [pid 3645] close(4) = 0 [pid 3645] exit_group(0) = ? [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3647 ./strace-static-x86_64: Process 3647 attached [pid 3647] chdir("./5") = 0 [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3647] setpgid(0, 0) = 0 [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3647] write(3, "1000", 4) = 4 [pid 3647] close(3) = 0 [ 68.688933][ T3645] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 68.713369][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3647] memfd_create("syzkaller", 0) = 3 [pid 3647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3647] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3647] munmap(0x7f0a78000000, 262144) = 0 [pid 3647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3647] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3647] close(3) = 0 [pid 3647] mkdir("./file0", 0777) = 0 [ 68.781443][ T3647] loop0: detected capacity change from 0 to 512 [ 68.791200][ T3647] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.802843][ T3647] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.814379][ T3647] EXT4-fs (loop0): 1 truncate cleaned up [pid 3647] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3647] chdir("./file0") = 0 [pid 3647] ioctl(4, LOOP_CLR_FD) = 0 [pid 3647] close(4) = 0 [pid 3647] exit_group(0) = ? [pid 3647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3649 ./strace-static-x86_64: Process 3649 attached [pid 3649] chdir("./6") = 0 [pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3649] setpgid(0, 0) = 0 [pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3649] write(3, "1000", 4) = 4 [pid 3649] close(3) = 0 [pid 3649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3649] memfd_create("syzkaller", 0) = 3 [pid 3649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [ 68.839135][ T3647] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 68.871126][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3649] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3649] munmap(0x7f0a78000000, 262144) = 0 [pid 3649] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3649] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3649] close(3) = 0 [pid 3649] mkdir("./file0", 0777) = 0 [ 68.925415][ T3649] loop0: detected capacity change from 0 to 512 [ 68.937304][ T3649] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 68.948957][ T3649] EXT4-fs (loop0): orphan cleanup on readonly fs [ 68.960441][ T3649] EXT4-fs (loop0): 1 truncate cleaned up [pid 3649] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3649] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3649] chdir("./file0") = 0 [pid 3649] ioctl(4, LOOP_CLR_FD) = 0 [pid 3649] close(4) = 0 [pid 3649] exit_group(0) = ? [pid 3649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3649, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 68.979196][ T3649] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 69.014465][ T3634] EXT4-fs (loop0): unmounting filesystem. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3651 ./strace-static-x86_64: Process 3651 attached [pid 3651] chdir("./7") = 0 [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3651] memfd_create("syzkaller", 0) = 3 [pid 3651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3651] munmap(0x7f0a78000000, 262144) = 0 [pid 3651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3651] close(3) = 0 [pid 3651] mkdir("./file0", 0777) = 0 [ 69.078458][ T3651] loop0: detected capacity change from 0 to 512 [ 69.089022][ T3651] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.100479][ T3651] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.110702][ T3651] EXT4-fs (loop0): 1 truncate cleaned up [pid 3651] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3651] chdir("./file0") = 0 [pid 3651] ioctl(4, LOOP_CLR_FD) = 0 [pid 3651] close(4) = 0 [pid 3651] exit_group(0) = ? [pid 3651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 69.139118][ T3651] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 69.177548][ T3634] EXT4-fs (loop0): unmounting filesystem. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3653 ./strace-static-x86_64: Process 3653 attached [pid 3653] chdir("./8") = 0 [pid 3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3653] setpgid(0, 0) = 0 [pid 3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3653] write(3, "1000", 4) = 4 [pid 3653] close(3) = 0 [pid 3653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3653] memfd_create("syzkaller", 0) = 3 [pid 3653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3653] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3653] munmap(0x7f0a78000000, 262144) = 0 [pid 3653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3653] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3653] close(3) = 0 [pid 3653] mkdir("./file0", 0777) = 0 [ 69.236800][ T3653] loop0: detected capacity change from 0 to 512 [ 69.247574][ T3653] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.258952][ T3653] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.270474][ T3653] EXT4-fs (loop0): 1 truncate cleaned up [pid 3653] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3653] chdir("./file0") = 0 [pid 3653] ioctl(4, LOOP_CLR_FD) = 0 [pid 3653] close(4) = 0 [pid 3653] exit_group(0) = ? [pid 3653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3653, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3655 attached [pid 3655] chdir("./9") = 0 [pid 3655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3655] setpgid(0, 0) = 0 [pid 3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3655] write(3, "1000", 4) = 4 [pid 3655] close(3) = 0 [pid 3655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3655] memfd_create("syzkaller", 0) = 3 [pid 3655] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3655 [pid 3655] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3655] munmap(0x7f0a78000000, 262144) = 0 [ 69.289176][ T3653] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 69.313618][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3655] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3655] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3655] close(3) = 0 [pid 3655] mkdir("./file0", 0777) = 0 [ 69.363268][ T3655] loop0: detected capacity change from 0 to 512 [ 69.374135][ T3655] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.385380][ T3655] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.395748][ T3655] EXT4-fs (loop0): 1 truncate cleaned up [pid 3655] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3655] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3655] chdir("./file0") = 0 [pid 3655] ioctl(4, LOOP_CLR_FD) = 0 [pid 3655] close(4) = 0 [pid 3655] exit_group(0) = ? [pid 3655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3655, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 69.409008][ T3655] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] chdir("./10") = 0 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3657] memfd_create("syzkaller", 0) = 3 [pid 3657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3657] munmap(0x7f0a78000000, 262144) = 0 [ 69.444631][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3657] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3657] close(3) = 0 [pid 3657] mkdir("./file0", 0777) = 0 [ 69.505614][ T3657] loop0: detected capacity change from 0 to 512 [ 69.516595][ T3657] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.528172][ T3657] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.538152][ T3657] EXT4-fs (loop0): 1 truncate cleaned up [pid 3657] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3657] chdir("./file0") = 0 [pid 3657] ioctl(4, LOOP_CLR_FD) = 0 [pid 3657] close(4) = 0 [pid 3657] exit_group(0) = ? [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 69.568896][ T3657] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 69.603625][ T3634] EXT4-fs (loop0): unmounting filesystem. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3659 attached [pid 3659] chdir("./11" [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3659 [pid 3659] <... chdir resumed>) = 0 [pid 3659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3659] setpgid(0, 0) = 0 [pid 3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3659] write(3, "1000", 4) = 4 [pid 3659] close(3) = 0 [pid 3659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3659] memfd_create("syzkaller", 0) = 3 [pid 3659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3659] munmap(0x7f0a78000000, 262144) = 0 [pid 3659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3659] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3659] close(3) = 0 [pid 3659] mkdir("./file0", 0777) = 0 [ 69.668118][ T3659] loop0: detected capacity change from 0 to 512 [ 69.678425][ T3659] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.690038][ T3659] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.700936][ T3659] EXT4-fs (loop0): 1 truncate cleaned up [pid 3659] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3659] chdir("./file0") = 0 [pid 3659] ioctl(4, LOOP_CLR_FD) = 0 [pid 3659] close(4) = 0 [pid 3659] exit_group(0) = ? [pid 3659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3659, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3661 ./strace-static-x86_64: Process 3661 attached [pid 3661] chdir("./12") = 0 [pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3661] setpgid(0, 0) = 0 [pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3661] write(3, "1000", 4) = 4 [pid 3661] close(3) = 0 [pid 3661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3661] memfd_create("syzkaller", 0) = 3 [pid 3661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3661] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 69.729218][ T3659] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 69.764785][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3661] munmap(0x7f0a78000000, 262144) = 0 [pid 3661] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3661] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3661] close(3) = 0 [pid 3661] mkdir("./file0", 0777) = 0 [ 69.812555][ T3661] loop0: detected capacity change from 0 to 512 [ 69.823975][ T3661] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.835671][ T3661] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.846219][ T3661] EXT4-fs (loop0): 1 truncate cleaned up [pid 3661] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3661] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3661] chdir("./file0") = 0 [pid 3661] ioctl(4, LOOP_CLR_FD) = 0 [pid 3661] close(4) = 0 [pid 3661] exit_group(0) = ? [pid 3661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 69.859041][ T3661] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3663 ./strace-static-x86_64: Process 3663 attached [pid 3663] chdir("./13") = 0 [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3663] memfd_create("syzkaller", 0) = 3 [pid 3663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3663] munmap(0x7f0a78000000, 262144) = 0 [pid 3663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 69.889816][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3663] close(3) = 0 [pid 3663] mkdir("./file0", 0777) = 0 [ 69.945323][ T3663] loop0: detected capacity change from 0 to 512 [ 69.955448][ T3663] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 69.966428][ T3663] EXT4-fs (loop0): orphan cleanup on readonly fs [ 69.977140][ T3663] EXT4-fs (loop0): 1 truncate cleaned up [pid 3663] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3663] chdir("./file0") = 0 [pid 3663] ioctl(4, LOOP_CLR_FD) = 0 [pid 3663] close(4) = 0 [pid 3663] exit_group(0) = ? [pid 3663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3665 ./strace-static-x86_64: Process 3665 attached [pid 3665] chdir("./14") = 0 [pid 3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3665] setpgid(0, 0) = 0 [pid 3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3665] write(3, "1000", 4) = 4 [pid 3665] close(3) = 0 [pid 3665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3665] memfd_create("syzkaller", 0) = 3 [pid 3665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3665] munmap(0x7f0a78000000, 262144) = 0 [pid 3665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 69.999069][ T3663] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 70.034056][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3665] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3665] close(3) = 0 [pid 3665] mkdir("./file0", 0777) = 0 [pid 3665] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [ 70.073726][ T3665] loop0: detected capacity change from 0 to 512 [ 70.086387][ T3665] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.098885][ T3665] EXT4-fs (loop0): orphan cleanup on readonly fs [ 70.110328][ T3665] EXT4-fs (loop0): 1 truncate cleaned up [pid 3665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3665] chdir("./file0") = 0 [pid 3665] ioctl(4, LOOP_CLR_FD) = 0 [pid 3665] close(4) = 0 [pid 3665] exit_group(0) = ? [pid 3665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3665, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3667 ./strace-static-x86_64: Process 3667 attached [pid 3667] chdir("./15") = 0 [pid 3667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3667] setpgid(0, 0) = 0 [pid 3667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3667] write(3, "1000", 4) = 4 [pid 3667] close(3) = 0 [pid 3667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3667] memfd_create("syzkaller", 0) = 3 [pid 3667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3667] munmap(0x7f0a78000000, 262144) = 0 [pid 3667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 70.139389][ T3665] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 70.177831][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3667] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3667] close(3) = 0 [pid 3667] mkdir("./file0", 0777) = 0 [ 70.217183][ T3667] loop0: detected capacity change from 0 to 512 [ 70.230516][ T3667] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.241499][ T3667] EXT4-fs (loop0): orphan cleanup on readonly fs [ 70.252161][ T3667] EXT4-fs (loop0): 1 truncate cleaned up [pid 3667] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3667] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3667] chdir("./file0") = 0 [pid 3667] ioctl(4, LOOP_CLR_FD) = 0 [pid 3667] close(4) = 0 [pid 3667] exit_group(0) = ? [pid 3667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3667, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 70.259871][ T3667] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3669 ./strace-static-x86_64: Process 3669 attached [pid 3669] chdir("./16") = 0 [pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3669] setpgid(0, 0) = 0 [pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3669] write(3, "1000", 4) = 4 [pid 3669] close(3) = 0 [pid 3669] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3669] memfd_create("syzkaller", 0) = 3 [pid 3669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3669] munmap(0x7f0a78000000, 262144) = 0 [pid 3669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 70.293999][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3669] close(3) = 0 [pid 3669] mkdir("./file0", 0777) = 0 [ 70.346770][ T3669] loop0: detected capacity change from 0 to 512 [ 70.357063][ T3669] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.367741][ T3669] EXT4-fs (loop0): orphan cleanup on readonly fs [ 70.377616][ T3669] EXT4-fs (loop0): 1 truncate cleaned up [pid 3669] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3669] chdir("./file0") = 0 [pid 3669] ioctl(4, LOOP_CLR_FD) = 0 [pid 3669] close(4) = 0 [pid 3669] exit_group(0) = ? [pid 3669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3671 ./strace-static-x86_64: Process 3671 attached [pid 3671] chdir("./17") = 0 [pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3671] setpgid(0, 0) = 0 [pid 3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3671] write(3, "1000", 4) = 4 [pid 3671] close(3) = 0 [ 70.409131][ T3669] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 70.437304][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3671] memfd_create("syzkaller", 0) = 3 [pid 3671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3671] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3671] munmap(0x7f0a78000000, 262144) = 0 [pid 3671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3671] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3671] close(3) = 0 [pid 3671] mkdir("./file0", 0777) = 0 [ 70.501801][ T3671] loop0: detected capacity change from 0 to 512 [ 70.513505][ T3671] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.524841][ T3671] EXT4-fs (loop0): orphan cleanup on readonly fs [ 70.537176][ T3671] EXT4-fs (loop0): 1 truncate cleaned up [pid 3671] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3671] chdir("./file0") = 0 [pid 3671] ioctl(4, LOOP_CLR_FD) = 0 [pid 3671] close(4) = 0 [pid 3671] exit_group(0) = ? [pid 3671] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3671, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3673 ./strace-static-x86_64: Process 3673 attached [pid 3673] chdir("./18") = 0 [pid 3673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3673] setpgid(0, 0) = 0 [pid 3673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3673] write(3, "1000", 4) = 4 [pid 3673] close(3) = 0 [pid 3673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3673] memfd_create("syzkaller", 0) = 3 [pid 3673] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3673] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3673] munmap(0x7f0a78000000, 262144) = 0 [ 70.559172][ T3671] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 70.592300][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3673] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3673] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3673] close(3) = 0 [pid 3673] mkdir("./file0", 0777) = 0 [ 70.641451][ T3673] loop0: detected capacity change from 0 to 512 [ 70.653270][ T3673] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.664483][ T3673] EXT4-fs (loop0): orphan cleanup on readonly fs [ 70.675300][ T3673] EXT4-fs (loop0): 1 truncate cleaned up [pid 3673] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3673] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3673] chdir("./file0") = 0 [pid 3673] ioctl(4, LOOP_CLR_FD) = 0 [pid 3673] close(4) = 0 [pid 3673] exit_group(0) = ? [pid 3673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3673, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 70.689080][ T3673] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 70.728677][ T3634] EXT4-fs (loop0): unmounting filesystem. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3675 ./strace-static-x86_64: Process 3675 attached [pid 3675] chdir("./19") = 0 [pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3675] setpgid(0, 0) = 0 [pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3675] write(3, "1000", 4) = 4 [pid 3675] close(3) = 0 [pid 3675] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3675] memfd_create("syzkaller", 0) = 3 [pid 3675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3675] munmap(0x7f0a78000000, 262144) = 0 [pid 3675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3675] close(3) = 0 [pid 3675] mkdir("./file0", 0777) = 0 [ 70.795792][ T3675] loop0: detected capacity change from 0 to 512 [ 70.807361][ T3675] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.819191][ T3675] EXT4-fs (loop0): orphan cleanup on readonly fs [ 70.830184][ T3675] EXT4-fs (loop0): 1 truncate cleaned up [pid 3675] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3675] chdir("./file0") = 0 [pid 3675] ioctl(4, LOOP_CLR_FD) = 0 [pid 3675] close(4) = 0 [pid 3675] exit_group(0) = ? [pid 3675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3677 ./strace-static-x86_64: Process 3677 attached [pid 3677] chdir("./20") = 0 [pid 3677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3677] setpgid(0, 0) = 0 [pid 3677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3677] write(3, "1000", 4) = 4 [pid 3677] close(3) = 0 [pid 3677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3677] memfd_create("syzkaller", 0) = 3 [pid 3677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [ 70.843755][ T3675] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 70.883521][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3677] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3677] munmap(0x7f0a78000000, 262144) = 0 [pid 3677] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3677] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3677] close(3) = 0 [pid 3677] mkdir("./file0", 0777) = 0 [ 70.938251][ T3677] loop0: detected capacity change from 0 to 512 [ 70.948371][ T3677] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 70.959991][ T3677] EXT4-fs (loop0): orphan cleanup on readonly fs [ 70.970415][ T3677] EXT4-fs (loop0): 1 truncate cleaned up [pid 3677] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3677] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3677] chdir("./file0") = 0 [pid 3677] ioctl(4, LOOP_CLR_FD) = 0 [pid 3677] close(4) = 0 [pid 3677] exit_group(0) = ? [pid 3677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3677, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3679 ./strace-static-x86_64: Process 3679 attached [pid 3679] chdir("./21") = 0 [pid 3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3679] setpgid(0, 0) = 0 [pid 3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3679] write(3, "1000", 4) = 4 [pid 3679] close(3) = 0 [pid 3679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3679] memfd_create("syzkaller", 0) = 3 [pid 3679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [ 70.999193][ T3677] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 71.033361][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3679] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3679] munmap(0x7f0a78000000, 262144) = 0 [pid 3679] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3679] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3679] close(3) = 0 [pid 3679] mkdir("./file0", 0777) = 0 [ 71.084401][ T3679] loop0: detected capacity change from 0 to 512 [ 71.095408][ T3679] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 71.106048][ T3679] EXT4-fs (loop0): orphan cleanup on readonly fs [ 71.116410][ T3679] EXT4-fs (loop0): 1 truncate cleaned up [pid 3679] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3679] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3679] chdir("./file0") = 0 [pid 3679] ioctl(4, LOOP_CLR_FD) = 0 [pid 3679] close(4) = 0 [pid 3679] exit_group(0) = ? [pid 3679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3679, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 71.129052][ T3679] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3681 attached , child_tidptr=0x55555748e5d0) = 3681 [pid 3681] chdir("./22") = 0 [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3681] memfd_create("syzkaller", 0) = 3 [pid 3681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3681] munmap(0x7f0a78000000, 262144) = 0 [pid 3681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 71.166177][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3681] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3681] close(3) = 0 [pid 3681] mkdir("./file0", 0777) = 0 [ 71.227531][ T3681] loop0: detected capacity change from 0 to 512 [ 71.237342][ T3681] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 71.249855][ T3681] EXT4-fs (loop0): orphan cleanup on readonly fs [ 71.262469][ T3681] EXT4-fs (loop0): 1 truncate cleaned up [pid 3681] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3681] chdir("./file0") = 0 [pid 3681] ioctl(4, LOOP_CLR_FD) = 0 [pid 3681] close(4) = 0 [pid 3681] exit_group(0) = ? [pid 3681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 71.289045][ T3681] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 71.321213][ T3634] EXT4-fs (loop0): unmounting filesystem. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3683 ./strace-static-x86_64: Process 3683 attached [pid 3683] chdir("./23") = 0 [pid 3683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3683] setpgid(0, 0) = 0 [pid 3683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3683] write(3, "1000", 4) = 4 [pid 3683] close(3) = 0 [pid 3683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3683] memfd_create("syzkaller", 0) = 3 [pid 3683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3683] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3683] munmap(0x7f0a78000000, 262144) = 0 [pid 3683] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3683] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3683] close(3) = 0 [pid 3683] mkdir("./file0", 0777) = 0 [ 71.390928][ T3683] loop0: detected capacity change from 0 to 512 [ 71.403346][ T3683] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 71.413979][ T3683] EXT4-fs (loop0): orphan cleanup on readonly fs [ 71.424131][ T3683] EXT4-fs (loop0): 1 truncate cleaned up [pid 3683] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3683] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3683] chdir("./file0") = 0 [pid 3683] ioctl(4, LOOP_CLR_FD) = 0 [pid 3683] close(4) = 0 [pid 3683] exit_group(0) = ? [pid 3683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3683, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 71.468942][ T3683] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3685 attached [pid 3685] chdir("./24") = 0 [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3685 [pid 3685] <... prctl resumed>) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3685] memfd_create("syzkaller", 0) = 3 [pid 3685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3685] munmap(0x7f0a78000000, 262144) = 0 [pid 3685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 71.509869][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3685] close(3) = 0 [pid 3685] mkdir("./file0", 0777) = 0 [ 71.558876][ T3685] loop0: detected capacity change from 0 to 512 [ 71.570308][ T3685] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 71.581990][ T3685] EXT4-fs (loop0): orphan cleanup on readonly fs [ 71.592758][ T3685] EXT4-fs (loop0): 1 truncate cleaned up [pid 3685] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3685] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3685] chdir("./file0") = 0 [pid 3685] ioctl(4, LOOP_CLR_FD) = 0 [pid 3685] close(4) = 0 [pid 3685] exit_group(0) = ? [pid 3685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 [ 71.619235][ T3685] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 71.654983][ T3634] EXT4-fs (loop0): unmounting filesystem. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3687 ./strace-static-x86_64: Process 3687 attached [pid 3687] chdir("./25") = 0 [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3687] memfd_create("syzkaller", 0) = 3 [pid 3687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3687] munmap(0x7f0a78000000, 262144) = 0 [pid 3687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3687] close(3) = 0 [pid 3687] mkdir("./file0", 0777) = 0 [ 71.715007][ T3687] loop0: detected capacity change from 0 to 512 [ 71.725384][ T3687] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 71.736807][ T3687] EXT4-fs (loop0): orphan cleanup on readonly fs [ 71.747930][ T3687] EXT4-fs (loop0): 1 truncate cleaned up [pid 3687] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3687] chdir("./file0") = 0 [pid 3687] ioctl(4, LOOP_CLR_FD) = 0 [pid 3687] close(4) = 0 [pid 3687] exit_group(0) = ? [pid 3687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 71.760803][ T3687] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3689 ./strace-static-x86_64: Process 3689 attached [pid 3689] chdir("./26") = 0 [pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3689] setpgid(0, 0) = 0 [pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3689] write(3, "1000", 4) = 4 [pid 3689] close(3) = 0 [pid 3689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3689] memfd_create("syzkaller", 0) = 3 [pid 3689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3689] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3689] munmap(0x7f0a78000000, 262144) = 0 [pid 3689] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 71.799890][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3689] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3689] close(3) = 0 [pid 3689] mkdir("./file0", 0777) = 0 [ 71.853879][ T3689] loop0: detected capacity change from 0 to 512 [ 71.863937][ T3689] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 71.875899][ T3689] EXT4-fs (loop0): orphan cleanup on readonly fs [ 71.886348][ T3689] EXT4-fs (loop0): 1 truncate cleaned up [pid 3689] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3689] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3689] chdir("./file0") = 0 [pid 3689] ioctl(4, LOOP_CLR_FD) = 0 [pid 3689] close(4) = 0 [pid 3689] exit_group(0) = ? [pid 3689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3691 ./strace-static-x86_64: Process 3691 attached [pid 3691] chdir("./27") = 0 [pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3691] setpgid(0, 0) = 0 [pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3691] write(3, "1000", 4) = 4 [pid 3691] close(3) = 0 [pid 3691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3691] memfd_create("syzkaller", 0) = 3 [pid 3691] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [ 71.909183][ T3689] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 71.943972][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3691] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3691] munmap(0x7f0a78000000, 262144) = 0 [pid 3691] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3691] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3691] close(3) = 0 [pid 3691] mkdir("./file0", 0777) = 0 [ 71.994330][ T3691] loop0: detected capacity change from 0 to 512 [ 72.004306][ T3691] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 72.016082][ T3691] EXT4-fs (loop0): orphan cleanup on readonly fs [ 72.026338][ T3691] EXT4-fs (loop0): 1 truncate cleaned up [pid 3691] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3691] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3691] chdir("./file0") = 0 [pid 3691] ioctl(4, LOOP_CLR_FD) = 0 [pid 3691] close(4) = 0 [pid 3691] exit_group(0) = ? [pid 3691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 72.039069][ T3691] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3693 ./strace-static-x86_64: Process 3693 attached [pid 3693] chdir("./28") = 0 [pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3693] setpgid(0, 0) = 0 [pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3693] write(3, "1000", 4) = 4 [pid 3693] close(3) = 0 [pid 3693] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3693] memfd_create("syzkaller", 0) = 3 [pid 3693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 72.073973][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3693] munmap(0x7f0a78000000, 262144) = 0 [pid 3693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3693] close(3) = 0 [pid 3693] mkdir("./file0", 0777) = 0 [ 72.120673][ T3693] loop0: detected capacity change from 0 to 512 [ 72.123231][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 72.140033][ T3693] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 72.152304][ T3693] EXT4-fs (loop0): orphan cleanup on readonly fs [ 72.163611][ T3693] EXT4-fs (loop0): 1 truncate cleaned up [pid 3693] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3693] chdir("./file0") = 0 [pid 3693] ioctl(4, LOOP_CLR_FD) = 0 [pid 3693] close(4) = 0 [pid 3693] exit_group(0) = ? [pid 3693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3695 ./strace-static-x86_64: Process 3695 attached [pid 3695] chdir("./29") = 0 [pid 3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3695] setpgid(0, 0) = 0 [ 72.189541][ T3693] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 72.222491][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3695] write(3, "1000", 4) = 4 [pid 3695] close(3) = 0 [pid 3695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3695] memfd_create("syzkaller", 0) = 3 [pid 3695] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3695] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3695] munmap(0x7f0a78000000, 262144) = 0 [pid 3695] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3695] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3695] close(3) = 0 [pid 3695] mkdir("./file0", 0777) = 0 [ 72.287455][ T3695] loop0: detected capacity change from 0 to 512 [ 72.297464][ T3695] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 72.309709][ T3695] EXT4-fs (loop0): orphan cleanup on readonly fs [ 72.321465][ T3695] EXT4-fs (loop0): 1 truncate cleaned up [pid 3695] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3695] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3695] chdir("./file0") = 0 [pid 3695] ioctl(4, LOOP_CLR_FD) = 0 [pid 3695] close(4) = 0 [pid 3695] exit_group(0) = ? [pid 3695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 72.349056][ T3695] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3697 ./strace-static-x86_64: Process 3697 attached [pid 3697] chdir("./30") = 0 [pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3697] setpgid(0, 0) = 0 [pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3697] write(3, "1000", 4) = 4 [pid 3697] close(3) = 0 [pid 3697] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3697] memfd_create("syzkaller", 0) = 3 [pid 3697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3697] munmap(0x7f0a78000000, 262144) = 0 [pid 3697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 72.390482][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3697] close(3) = 0 [pid 3697] mkdir("./file0", 0777) = 0 [ 72.434222][ T3697] loop0: detected capacity change from 0 to 512 [ 72.446882][ T3697] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 72.457825][ T3697] EXT4-fs (loop0): orphan cleanup on readonly fs [ 72.468132][ T3697] EXT4-fs (loop0): 1 truncate cleaned up [pid 3697] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3697] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3697] chdir("./file0") = 0 [pid 3697] ioctl(4, LOOP_CLR_FD) = 0 [pid 3697] close(4) = 0 [pid 3697] exit_group(0) = ? [pid 3697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3699 ./strace-static-x86_64: Process 3699 attached [pid 3699] chdir("./31") = 0 [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3699] memfd_create("syzkaller", 0) = 3 [pid 3699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3699] munmap(0x7f0a78000000, 262144) = 0 [pid 3699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 72.518980][ T3697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 72.554436][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3699] close(3) = 0 [pid 3699] mkdir("./file0", 0777) = 0 [ 72.596574][ T3699] loop0: detected capacity change from 0 to 512 [ 72.606780][ T3699] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 72.618558][ T3699] EXT4-fs (loop0): orphan cleanup on readonly fs [ 72.630144][ T3699] EXT4-fs (loop0): 1 truncate cleaned up [pid 3699] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3699] chdir("./file0") = 0 [pid 3699] ioctl(4, LOOP_CLR_FD) = 0 [pid 3699] close(4) = 0 [pid 3699] exit_group(0) = ? [pid 3699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 72.642426][ T3699] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3701 ./strace-static-x86_64: Process 3701 attached [pid 3701] chdir("./32") = 0 [pid 3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3701] setpgid(0, 0) = 0 [pid 3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3701] write(3, "1000", 4) = 4 [pid 3701] close(3) = 0 [pid 3701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3701] memfd_create("syzkaller", 0) = 3 [pid 3701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3701] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 72.673872][ T3634] EXT4-fs (loop0): unmounting filesystem. [pid 3701] munmap(0x7f0a78000000, 262144) = 0 [pid 3701] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3701] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3701] close(3) = 0 [pid 3701] mkdir("./file0", 0777) = 0 [pid 3701] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3701] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3701] chdir("./file0") = 0 [pid 3701] ioctl(4, LOOP_CLR_FD) = 0 [pid 3701] close(4) = 0 [pid 3701] exit_group(0) = ? [pid 3701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 [ 72.738103][ T3701] loop0: detected capacity change from 0 to 512 [ 72.747658][ T3701] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 72.759048][ T3701] EXT4-fs (loop0): orphan cleanup on readonly fs [ 72.772236][ T3701] EXT4-fs (loop0): 1 truncate cleaned up umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3703 ./strace-static-x86_64: Process 3703 attached [pid 3703] chdir("./33") = 0 [pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3703] setpgid(0, 0) = 0 [pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3703] write(3, "1000", 4) = 4 [pid 3703] close(3) = 0 [pid 3703] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3703] memfd_create("syzkaller", 0) = 3 [pid 3703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3703] munmap(0x7f0a78000000, 262144) = 0 [pid 3703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3703] close(3) = 0 [pid 3703] mkdir("./file0", 0777) = 0 [pid 3703] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3703] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3703] chdir("./file0") = 0 [pid 3703] ioctl(4, LOOP_CLR_FD) = 0 [pid 3703] close(4) = 0 [pid 3703] exit_group(0) = ? [pid 3703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.881655][ T3703] loop0: detected capacity change from 0 to 512 [ 72.894392][ T3703] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 72.905656][ T3703] EXT4-fs (loop0): orphan cleanup on readonly fs [ 72.916051][ T3703] EXT4-fs (loop0): 1 truncate cleaned up lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3705 ./strace-static-x86_64: Process 3705 attached [pid 3705] chdir("./34") = 0 [pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3705] setpgid(0, 0) = 0 [pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3705] write(3, "1000", 4) = 4 [pid 3705] close(3) = 0 [pid 3705] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3705] memfd_create("syzkaller", 0) = 3 [pid 3705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3705] munmap(0x7f0a78000000, 262144) = 0 [pid 3705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3705] close(3) = 0 [pid 3705] mkdir("./file0", 0777) = 0 [pid 3705] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3705] chdir("./file0") = 0 [pid 3705] ioctl(4, LOOP_CLR_FD) = 0 [pid 3705] close(4) = 0 [pid 3705] exit_group(0) = ? [pid 3705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 [ 72.997354][ T3705] loop0: detected capacity change from 0 to 512 [ 73.009879][ T3705] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.020954][ T3705] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.034840][ T3705] EXT4-fs (loop0): 1 truncate cleaned up umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3707 attached , child_tidptr=0x55555748e5d0) = 3707 [pid 3707] chdir("./35") = 0 [pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3707] setpgid(0, 0) = 0 [pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3707] write(3, "1000", 4) = 4 [pid 3707] close(3) = 0 [pid 3707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3707] memfd_create("syzkaller", 0) = 3 [pid 3707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3707] munmap(0x7f0a78000000, 262144) = 0 [pid 3707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3707] close(3) = 0 [pid 3707] mkdir("./file0", 0777) = 0 [pid 3707] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3707] chdir("./file0") = 0 [pid 3707] ioctl(4, LOOP_CLR_FD) = 0 [pid 3707] close(4) = 0 [pid 3707] exit_group(0) = ? [pid 3707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 [ 73.117847][ T3707] loop0: detected capacity change from 0 to 512 [ 73.128445][ T3707] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.140393][ T3707] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.152073][ T3707] EXT4-fs (loop0): 1 truncate cleaned up umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3709 ./strace-static-x86_64: Process 3709 attached [pid 3709] chdir("./36") = 0 [pid 3709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3709] setpgid(0, 0) = 0 [pid 3709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3709] write(3, "1000", 4) = 4 [pid 3709] close(3) = 0 [pid 3709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3709] memfd_create("syzkaller", 0) = 3 [pid 3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3709] munmap(0x7f0a78000000, 262144) = 0 [pid 3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3709] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3709] close(3) = 0 [pid 3709] mkdir("./file0", 0777) = 0 [pid 3709] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3709] chdir("./file0") = 0 [pid 3709] ioctl(4, LOOP_CLR_FD) = 0 [pid 3709] close(4) = 0 [pid 3709] exit_group(0) = ? [pid 3709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3709, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 [ 73.235937][ T3709] loop0: detected capacity change from 0 to 512 [ 73.246523][ T3709] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.257982][ T3709] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.268875][ T3709] EXT4-fs (loop0): 1 truncate cleaned up umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3711 attached , child_tidptr=0x55555748e5d0) = 3711 [pid 3711] chdir("./37") = 0 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3711] memfd_create("syzkaller", 0) = 3 [pid 3711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3711] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3711] munmap(0x7f0a78000000, 262144) = 0 [pid 3711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3711] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3711] close(3) = 0 [pid 3711] mkdir("./file0", 0777) = 0 [pid 3711] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3711] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3711] chdir("./file0") = 0 [pid 3711] ioctl(4, LOOP_CLR_FD) = 0 [pid 3711] close(4) = 0 [pid 3711] exit_group(0) = ? [pid 3711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 73.372621][ T3711] loop0: detected capacity change from 0 to 512 [ 73.384185][ T3711] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.395175][ T3711] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.405359][ T3711] EXT4-fs (loop0): 1 truncate cleaned up umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3713 attached , child_tidptr=0x55555748e5d0) = 3713 [pid 3713] chdir("./38") = 0 [pid 3713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3713] setpgid(0, 0) = 0 [pid 3713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3713] write(3, "1000", 4) = 4 [pid 3713] close(3) = 0 [pid 3713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3713] memfd_create("syzkaller", 0) = 3 [pid 3713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3713] munmap(0x7f0a78000000, 262144) = 0 [pid 3713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3713] close(3) = 0 [pid 3713] mkdir("./file0", 0777) = 0 [pid 3713] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3713] chdir("./file0") = 0 [pid 3713] ioctl(4, LOOP_CLR_FD) = 0 [pid 3713] close(4) = 0 [pid 3713] exit_group(0) = ? [pid 3713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3713, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 [ 73.486491][ T3713] loop0: detected capacity change from 0 to 512 [ 73.497326][ T3713] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.508274][ T3713] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.518087][ T3713] EXT4-fs (loop0): 1 truncate cleaned up umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3715 attached , child_tidptr=0x55555748e5d0) = 3715 [pid 3715] chdir("./39") = 0 [pid 3715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3715] setpgid(0, 0) = 0 [pid 3715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3715] write(3, "1000", 4) = 4 [pid 3715] close(3) = 0 [pid 3715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3715] memfd_create("syzkaller", 0) = 3 [pid 3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3715] munmap(0x7f0a78000000, 262144) = 0 [pid 3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3715] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3715] close(3) = 0 [pid 3715] mkdir("./file0", 0777) = 0 [pid 3715] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3715] chdir("./file0") = 0 [pid 3715] ioctl(4, LOOP_CLR_FD) = 0 [ 73.633266][ T3715] loop0: detected capacity change from 0 to 512 [ 73.642810][ T3715] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.654238][ T3715] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.664671][ T3715] EXT4-fs (loop0): 1 truncate cleaned up [pid 3715] close(4) = 0 [pid 3715] exit_group(0) = ? [pid 3715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3715, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3717 attached [pid 3717] chdir("./40") = 0 [pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3717 [pid 3717] setpgid(0, 0) = 0 [pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3717] write(3, "1000", 4) = 4 [pid 3717] close(3) = 0 [pid 3717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3717] memfd_create("syzkaller", 0) = 3 [pid 3717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3717] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3717] munmap(0x7f0a78000000, 262144) = 0 [pid 3717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3717] close(3) = 0 [pid 3717] mkdir("./file0", 0777) = 0 [pid 3717] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3717] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3717] chdir("./file0") = 0 [pid 3717] ioctl(4, LOOP_CLR_FD) = 0 [pid 3717] close(4) = 0 [pid 3717] exit_group(0) = ? [pid 3717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.785119][ T3717] loop0: detected capacity change from 0 to 512 [ 73.795024][ T3717] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.807365][ T3717] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.820379][ T3717] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3719 ./strace-static-x86_64: Process 3719 attached [pid 3719] chdir("./41") = 0 [pid 3719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3719] setpgid(0, 0) = 0 [pid 3719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3719] write(3, "1000", 4) = 4 [pid 3719] close(3) = 0 [pid 3719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3719] memfd_create("syzkaller", 0) = 3 [pid 3719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3719] munmap(0x7f0a78000000, 262144) = 0 [pid 3719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3719] close(3) = 0 [pid 3719] mkdir("./file0", 0777) = 0 [pid 3719] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3719] chdir("./file0") = 0 [pid 3719] ioctl(4, LOOP_CLR_FD) = 0 [pid 3719] close(4) = 0 [pid 3719] exit_group(0) = ? [pid 3719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3719, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 73.901204][ T3719] loop0: detected capacity change from 0 to 512 [ 73.912774][ T3719] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 73.924100][ T3719] EXT4-fs (loop0): orphan cleanup on readonly fs [ 73.935000][ T3719] EXT4-fs (loop0): 1 truncate cleaned up umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3722 ./strace-static-x86_64: Process 3722 attached [pid 3722] chdir("./42") = 0 [pid 3722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3722] setpgid(0, 0) = 0 [pid 3722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3722] write(3, "1000", 4) = 4 [pid 3722] close(3) = 0 [pid 3722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3722] memfd_create("syzkaller", 0) = 3 [pid 3722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3722] munmap(0x7f0a78000000, 262144) = 0 [pid 3722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3722] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3722] close(3) = 0 [pid 3722] mkdir("./file0", 0777) = 0 [pid 3722] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3722] chdir("./file0") = 0 [pid 3722] ioctl(4, LOOP_CLR_FD) = 0 [pid 3722] close(4) = 0 [pid 3722] exit_group(0) = ? [pid 3722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3722, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 74.029985][ T3722] loop0: detected capacity change from 0 to 512 [ 74.041331][ T3722] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.052645][ T3722] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.064512][ T3722] EXT4-fs (loop0): 1 truncate cleaned up umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3724 ./strace-static-x86_64: Process 3724 attached [pid 3724] chdir("./43") = 0 [pid 3724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3724] setpgid(0, 0) = 0 [pid 3724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3724] write(3, "1000", 4) = 4 [pid 3724] close(3) = 0 [pid 3724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3724] memfd_create("syzkaller", 0) = 3 [pid 3724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3724] munmap(0x7f0a78000000, 262144) = 0 [pid 3724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3724] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3724] close(3) = 0 [pid 3724] mkdir("./file0", 0777) = 0 [pid 3724] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3724] chdir("./file0") = 0 [pid 3724] ioctl(4, LOOP_CLR_FD) = 0 [pid 3724] close(4) = 0 [pid 3724] exit_group(0) = ? [pid 3724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3724, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 74.161005][ T3724] loop0: detected capacity change from 0 to 512 [ 74.171646][ T3724] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.182469][ T3724] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.192688][ T3724] EXT4-fs (loop0): 1 truncate cleaned up umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3726 ./strace-static-x86_64: Process 3726 attached [pid 3726] chdir("./44") = 0 [pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3726] setpgid(0, 0) = 0 [pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3726] write(3, "1000", 4) = 4 [pid 3726] close(3) = 0 [pid 3726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3726] memfd_create("syzkaller", 0) = 3 [pid 3726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3726] munmap(0x7f0a78000000, 262144) = 0 [pid 3726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3726] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3726] close(3) = 0 [pid 3726] mkdir("./file0", 0777) = 0 [pid 3726] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3726] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3726] chdir("./file0") = 0 [pid 3726] ioctl(4, LOOP_CLR_FD) = 0 [pid 3726] close(4) = 0 [pid 3726] exit_group(0) = ? [ 74.306777][ T3726] loop0: detected capacity change from 0 to 512 [ 74.318197][ T3726] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.329605][ T3726] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.339908][ T3726] EXT4-fs (loop0): 1 truncate cleaned up [pid 3726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3728 ./strace-static-x86_64: Process 3728 attached [pid 3728] chdir("./45") = 0 [pid 3728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3728] setpgid(0, 0) = 0 [pid 3728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3728] write(3, "1000", 4) = 4 [pid 3728] close(3) = 0 [pid 3728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3728] memfd_create("syzkaller", 0) = 3 [pid 3728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3728] munmap(0x7f0a78000000, 262144) = 0 [pid 3728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3728] close(3) = 0 [pid 3728] mkdir("./file0", 0777) = 0 [pid 3728] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3728] chdir("./file0") = 0 [pid 3728] ioctl(4, LOOP_CLR_FD) = 0 [pid 3728] close(4) = 0 [pid 3728] exit_group(0) = ? [pid 3728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3728, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 [ 74.438597][ T3728] loop0: detected capacity change from 0 to 512 [ 74.450931][ T3728] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.461556][ T3728] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.471968][ T3728] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3730 ./strace-static-x86_64: Process 3730 attached [pid 3730] chdir("./46") = 0 [pid 3730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3730] setpgid(0, 0) = 0 [pid 3730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3730] write(3, "1000", 4) = 4 [pid 3730] close(3) = 0 [pid 3730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3730] memfd_create("syzkaller", 0) = 3 [pid 3730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3730] munmap(0x7f0a78000000, 262144) = 0 [pid 3730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3730] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3730] close(3) = 0 [pid 3730] mkdir("./file0", 0777) = 0 [pid 3730] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3730] chdir("./file0") = 0 [pid 3730] ioctl(4, LOOP_CLR_FD) = 0 [pid 3730] close(4) = 0 [pid 3730] exit_group(0) = ? [ 74.542587][ T3730] loop0: detected capacity change from 0 to 512 [ 74.553119][ T3730] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.564079][ T3730] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.575106][ T3730] EXT4-fs (loop0): 1 truncate cleaned up [pid 3730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3730, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3732 ./strace-static-x86_64: Process 3732 attached [pid 3732] chdir("./47") = 0 [pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3732] setpgid(0, 0) = 0 [pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3732] write(3, "1000", 4) = 4 [pid 3732] close(3) = 0 [pid 3732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3732] memfd_create("syzkaller", 0) = 3 [pid 3732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3732] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3732] munmap(0x7f0a78000000, 262144) = 0 [pid 3732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3732] close(3) = 0 [pid 3732] mkdir("./file0", 0777) = 0 [pid 3732] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3732] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3732] chdir("./file0") = 0 [pid 3732] ioctl(4, LOOP_CLR_FD) = 0 [pid 3732] close(4) = 0 [pid 3732] exit_group(0) = ? [ 74.674357][ T3732] loop0: detected capacity change from 0 to 512 [ 74.686808][ T3732] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.698114][ T3732] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.709428][ T3732] EXT4-fs (loop0): 1 truncate cleaned up [pid 3732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3734 ./strace-static-x86_64: Process 3734 attached [pid 3734] chdir("./48") = 0 [pid 3734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3734] setpgid(0, 0) = 0 [pid 3734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3734] write(3, "1000", 4) = 4 [pid 3734] close(3) = 0 [pid 3734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3734] memfd_create("syzkaller", 0) = 3 [pid 3734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3734] munmap(0x7f0a78000000, 262144) = 0 [pid 3734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3734] close(3) = 0 [pid 3734] mkdir("./file0", 0777) = 0 [pid 3734] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3734] chdir("./file0") = 0 [pid 3734] ioctl(4, LOOP_CLR_FD) = 0 [pid 3734] close(4) = 0 [pid 3734] exit_group(0) = ? [pid 3734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3734, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 [ 74.822522][ T3734] loop0: detected capacity change from 0 to 512 [ 74.832336][ T3734] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.843059][ T3734] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.853548][ T3734] EXT4-fs (loop0): 1 truncate cleaned up umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3736 attached [pid 3736] chdir("./49" [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3736 [pid 3736] <... chdir resumed>) = 0 [pid 3736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3736] setpgid(0, 0) = 0 [pid 3736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3736] write(3, "1000", 4) = 4 [pid 3736] close(3) = 0 [pid 3736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3736] memfd_create("syzkaller", 0) = 3 [pid 3736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3736] munmap(0x7f0a78000000, 262144) = 0 [pid 3736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3736] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3736] close(3) = 0 [pid 3736] mkdir("./file0", 0777) = 0 [pid 3736] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3736] chdir("./file0") = 0 [pid 3736] ioctl(4, LOOP_CLR_FD) = 0 [pid 3736] close(4) = 0 [pid 3736] exit_group(0) = ? [pid 3736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3736, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 74.960726][ T3736] loop0: detected capacity change from 0 to 512 [ 74.970596][ T3736] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 74.981316][ T3736] EXT4-fs (loop0): orphan cleanup on readonly fs [ 74.991351][ T3736] EXT4-fs (loop0): 1 truncate cleaned up fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3738 ./strace-static-x86_64: Process 3738 attached [pid 3738] chdir("./50") = 0 [pid 3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3738] setpgid(0, 0) = 0 [pid 3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3738] write(3, "1000", 4) = 4 [pid 3738] close(3) = 0 [pid 3738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3738] memfd_create("syzkaller", 0) = 3 [pid 3738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3738] munmap(0x7f0a78000000, 262144) = 0 [pid 3738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3738] close(3) = 0 [pid 3738] mkdir("./file0", 0777) = 0 [pid 3738] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3738] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3738] chdir("./file0") = 0 [pid 3738] ioctl(4, LOOP_CLR_FD) = 0 [pid 3738] close(4) = 0 [pid 3738] exit_group(0) = ? [pid 3738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [ 75.113053][ T3738] loop0: detected capacity change from 0 to 512 [ 75.124508][ T3738] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 75.135521][ T3738] EXT4-fs (loop0): orphan cleanup on readonly fs [ 75.146035][ T3738] EXT4-fs (loop0): 1 truncate cleaned up restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3740 ./strace-static-x86_64: Process 3740 attached [pid 3740] chdir("./51") = 0 [pid 3740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3740] setpgid(0, 0) = 0 [pid 3740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3740] write(3, "1000", 4) = 4 [pid 3740] close(3) = 0 [pid 3740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3740] memfd_create("syzkaller", 0) = 3 [pid 3740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3740] munmap(0x7f0a78000000, 262144) = 0 [pid 3740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3740] close(3) = 0 [pid 3740] mkdir("./file0", 0777) = 0 [pid 3740] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3740] chdir("./file0") = 0 [pid 3740] ioctl(4, LOOP_CLR_FD) = 0 [pid 3740] close(4) = 0 [pid 3740] exit_group(0) = ? [pid 3740] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3740, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 [ 75.243818][ T3740] loop0: detected capacity change from 0 to 512 [ 75.256075][ T3740] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 75.267362][ T3740] EXT4-fs (loop0): orphan cleanup on readonly fs [ 75.277961][ T3740] EXT4-fs (loop0): 1 truncate cleaned up umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3742 ./strace-static-x86_64: Process 3742 attached [pid 3742] chdir("./52") = 0 [pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3742] setpgid(0, 0) = 0 [pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3742] write(3, "1000", 4) = 4 [pid 3742] close(3) = 0 [pid 3742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3742] memfd_create("syzkaller", 0) = 3 [pid 3742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3742] munmap(0x7f0a78000000, 262144) = 0 [pid 3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3742] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3742] close(3) = 0 [pid 3742] mkdir("./file0", 0777) = 0 [pid 3742] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3742] chdir("./file0") = 0 [pid 3742] ioctl(4, LOOP_CLR_FD) = 0 [pid 3742] close(4) = 0 [pid 3742] exit_group(0) = ? [pid 3742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 [ 75.382009][ T3742] loop0: detected capacity change from 0 to 512 [ 75.391397][ T3742] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 75.403098][ T3742] EXT4-fs (loop0): orphan cleanup on readonly fs [ 75.413172][ T3742] EXT4-fs (loop0): 1 truncate cleaned up mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3744 ./strace-static-x86_64: Process 3744 attached [pid 3744] chdir("./53") = 0 [pid 3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3744] setpgid(0, 0) = 0 [pid 3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3744] write(3, "1000", 4) = 4 [pid 3744] close(3) = 0 [pid 3744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3744] memfd_create("syzkaller", 0) = 3 [pid 3744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3744] munmap(0x7f0a78000000, 262144) = 0 [pid 3744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3744] close(3) = 0 [pid 3744] mkdir("./file0", 0777) = 0 [ 75.487402][ T3744] loop0: detected capacity change from 0 to 512 [ 75.501003][ T3744] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 75.521944][ T3744] EXT4-fs (loop0): orphan cleanup on readonly fs [pid 3744] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3744] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3744] chdir("./file0") = 0 [pid 3744] ioctl(4, LOOP_CLR_FD) = 0 [pid 3744] close(4) = 0 [pid 3744] exit_group(0) = ? [pid 3744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 75.534163][ T3744] EXT4-fs (loop0): 1 truncate cleaned up umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3746 ./strace-static-x86_64: Process 3746 attached [pid 3746] chdir("./54") = 0 [pid 3746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3746] setpgid(0, 0) = 0 [pid 3746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3746] write(3, "1000", 4) = 4 [pid 3746] close(3) = 0 [pid 3746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3746] memfd_create("syzkaller", 0) = 3 [pid 3746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3746] munmap(0x7f0a78000000, 262144) = 0 [pid 3746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3746] close(3) = 0 [pid 3746] mkdir("./file0", 0777) = 0 [pid 3746] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3746] chdir("./file0") = 0 [pid 3746] ioctl(4, LOOP_CLR_FD) = 0 [pid 3746] close(4) = 0 [pid 3746] exit_group(0) = ? [pid 3746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3746, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 75.623476][ T3746] loop0: detected capacity change from 0 to 512 [ 75.633283][ T3746] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 75.644541][ T3746] EXT4-fs (loop0): orphan cleanup on readonly fs [ 75.656261][ T3746] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3748 attached , child_tidptr=0x55555748e5d0) = 3748 [pid 3748] chdir("./55") = 0 [pid 3748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3748] setpgid(0, 0) = 0 [pid 3748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3748] write(3, "1000", 4) = 4 [pid 3748] close(3) = 0 [pid 3748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3748] memfd_create("syzkaller", 0) = 3 [pid 3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3748] munmap(0x7f0a78000000, 262144) = 0 [pid 3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3748] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3748] close(3) = 0 [pid 3748] mkdir("./file0", 0777) = 0 [ 75.735361][ T3748] loop0: detected capacity change from 0 to 512 [ 75.744966][ T3748] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 75.756001][ T3748] EXT4-fs (loop0): orphan cleanup on readonly fs [ 75.766481][ T3748] [ 75.768838][ T3748] ====================================================== [ 75.775867][ T3748] WARNING: possible circular locking dependency detected [ 75.782886][ T3748] 6.1.0-rc7-syzkaller-00103-gef4d3ea40565 #0 Not tainted [ 75.789977][ T3748] ------------------------------------------------------ [ 75.797078][ T3748] syz-executor116/3748 is trying to acquire lock: [ 75.803484][ T3748] ffff88806f557768 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_commit+0x58/0x4e0 [ 75.812371][ T3748] [ 75.812371][ T3748] but task is already holding lock: [ 75.819779][ T3748] ffff888071f38c90 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_truncate+0xa06/0xeb0 [ 75.829061][ T3748] [ 75.829061][ T3748] which lock already depends on the new lock. [ 75.829061][ T3748] [ 75.839718][ T3748] [ 75.839718][ T3748] the existing dependency chain (in reverse order) is: [ 75.848837][ T3748] [ 75.848837][ T3748] -> #2 (&ei->i_data_sem/2){++++}-{3:3}: [ 75.856658][ T3748] lock_acquire+0x182/0x3c0 [ 75.861683][ T3748] down_read+0x39/0x50 [ 75.866286][ T3748] ext4_map_blocks+0x398/0x1cc0 [ 75.871662][ T3748] ext4_getblk+0x1b9/0x770 [ 75.876604][ T3748] ext4_bread+0x2a/0x170 [ 75.881383][ T3748] ext4_quota_write+0x225/0x570 [ 75.886773][ T3748] get_free_dqblk+0x34a/0x6d0 [ 75.891968][ T3748] do_insert_tree+0x271/0x1b50 [ 75.897249][ T3748] do_insert_tree+0x744/0x1b50 [ 75.902529][ T3748] qtree_write_dquot+0x3b6/0x530 [ 75.908109][ T3748] v2_write_dquot+0x11b/0x190 [ 75.913342][ T3748] dquot_acquire+0x348/0x670 [ 75.918482][ T3748] ext4_acquire_dquot+0x2e0/0x400 [ 75.924049][ T3748] dqget+0x999/0xdc0 [ 75.928471][ T3748] __dquot_initialize+0x3d0/0xcf0 [ 75.934040][ T3748] ext4_process_orphan+0x57/0x2d0 [ 75.939586][ T3748] ext4_orphan_cleanup+0xb60/0x1340 [ 75.945311][ T3748] ext4_fill_super+0x80ed/0x8610 [ 75.950775][ T3748] get_tree_bdev+0x400/0x620 [ 75.955884][ T3748] vfs_get_tree+0x88/0x270 [ 75.960821][ T3748] do_new_mount+0x289/0xad0 [ 75.965929][ T3748] __se_sys_mount+0x2d3/0x3c0 [ 75.971125][ T3748] do_syscall_64+0x3d/0xb0 [ 75.976062][ T3748] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 75.982474][ T3748] [ 75.982474][ T3748] -> #1 (&s->s_dquot.dqio_sem){++++}-{3:3}: [ 75.990551][ T3748] lock_acquire+0x182/0x3c0 [ 75.995580][ T3748] down_read+0x39/0x50 [ 76.000173][ T3748] v2_read_dquot+0x4a/0x100 [ 76.005204][ T3748] dquot_acquire+0x186/0x670 [ 76.010419][ T3748] ext4_acquire_dquot+0x2e0/0x400 [ 76.016336][ T3748] dqget+0x999/0xdc0 [ 76.020845][ T3748] __dquot_initialize+0x291/0xcf0 [ 76.026395][ T3748] ext4_process_orphan+0x57/0x2d0 [ 76.031937][ T3748] ext4_orphan_cleanup+0xb60/0x1340 [ 76.037653][ T3748] ext4_fill_super+0x80ed/0x8610 [ 76.043126][ T3748] get_tree_bdev+0x400/0x620 [ 76.048253][ T3748] vfs_get_tree+0x88/0x270 [ 76.053198][ T3748] do_new_mount+0x289/0xad0 [ 76.058248][ T3748] __se_sys_mount+0x2d3/0x3c0 [ 76.063710][ T3748] do_syscall_64+0x3d/0xb0 [ 76.068650][ T3748] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.075070][ T3748] [ 76.075070][ T3748] -> #0 (&dquot->dq_lock){+.+.}-{3:3}: [ 76.082715][ T3748] validate_chain+0x1898/0x6ae0 [ 76.088104][ T3748] __lock_acquire+0x1292/0x1f60 [ 76.093498][ T3748] lock_acquire+0x182/0x3c0 [ 76.098517][ T3748] __mutex_lock_common+0x1bd/0x26e0 [ 76.104682][ T3748] mutex_lock_nested+0x17/0x20 [ 76.110053][ T3748] dquot_commit+0x58/0x4e0 [ 76.114993][ T3748] ext4_write_dquot+0x1e4/0x2b0 [ 76.120366][ T3748] __dquot_free_space+0x9a8/0xfb0 [ 76.125919][ T3748] ext4_free_blocks+0x1c4a/0x2810 [ 76.131482][ T3748] ext4_ext_remove_space+0x1f5b/0x46b0 [ 76.137456][ T3748] ext4_ext_truncate+0x177/0x220 [ 76.142910][ T3748] ext4_truncate+0xa7c/0xeb0 [ 76.148108][ T3748] ext4_process_orphan+0x1aa/0x2d0 [ 76.153735][ T3748] ext4_orphan_cleanup+0xb60/0x1340 [ 76.159452][ T3748] ext4_fill_super+0x80ed/0x8610 [ 76.164906][ T3748] get_tree_bdev+0x400/0x620 [ 76.170040][ T3748] vfs_get_tree+0x88/0x270 [ 76.174979][ T3748] do_new_mount+0x289/0xad0 [ 76.179998][ T3748] __se_sys_mount+0x2d3/0x3c0 [ 76.185190][ T3748] do_syscall_64+0x3d/0xb0 [ 76.190122][ T3748] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.196535][ T3748] [ 76.196535][ T3748] other info that might help us debug this: [ 76.196535][ T3748] [ 76.206758][ T3748] Chain exists of: [ 76.206758][ T3748] &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2 [ 76.206758][ T3748] [ 76.220404][ T3748] Possible unsafe locking scenario: [ 76.220404][ T3748] [ 76.227846][ T3748] CPU0 CPU1 [ 76.233211][ T3748] ---- ---- [ 76.238569][ T3748] lock(&ei->i_data_sem/2); [ 76.243169][ T3748] lock(&s->s_dquot.dqio_sem); [ 76.250535][ T3748] lock(&ei->i_data_sem/2); [ 76.257736][ T3748] lock(&dquot->dq_lock); [ 76.262157][ T3748] [ 76.262157][ T3748] *** DEADLOCK *** [ 76.262157][ T3748] [ 76.270316][ T3748] 4 locks held by syz-executor116/3748: [ 76.275879][ T3748] #0: ffff8880276ca0e0 (&type->s_umount_key#27/1){+.+.}-{3:3}, at: alloc_super+0x212/0x920 [ 76.285994][ T3748] #1: ffff888071f38e08 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_process_orphan+0x164/0x2d0 [ 76.296967][ T3748] #2: ffff888071f38c90 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_truncate+0xa06/0xeb0 [ 76.306736][ T3748] #3: ffffffff8d26c508 (dquot_srcu){....}-{0:0}, at: rcu_lock_acquire+0x5/0x30 [ 76.315821][ T3748] [ 76.315821][ T3748] stack backtrace: [ 76.321715][ T3748] CPU: 0 PID: 3748 Comm: syz-executor116 Not tainted 6.1.0-rc7-syzkaller-00103-gef4d3ea40565 #0 [ 76.332144][ T3748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 76.342193][ T3748] Call Trace: [ 76.345478][ T3748] [ 76.348428][ T3748] dump_stack_lvl+0x1b1/0x28e [ 76.353122][ T3748] ? nf_tcp_handle_invalid+0x62e/0x62e [ 76.358609][ T3748] ? print_circular_bug+0x13e/0x1c0 [ 76.363836][ T3748] check_noncircular+0x2cc/0x390 [ 76.368780][ T3748] ? add_chain_block+0x850/0x850 [ 76.373730][ T3748] ? lockdep_lock+0x102/0x290 [ 76.378405][ T3748] ? stack_trace_save+0x104/0x1e0 [ 76.383450][ T3748] ? _find_first_zero_bit+0xe8/0x110 [ 76.388880][ T3748] validate_chain+0x1898/0x6ae0 [ 76.393742][ T3748] ? check_noncircular+0x1aa/0x390 [ 76.398853][ T3748] ? reacquire_held_locks+0x650/0x650 [ 76.404223][ T3748] ? add_chain_block+0x850/0x850 [ 76.409160][ T3748] ? lockdep_lock+0x102/0x290 [ 76.413836][ T3748] ? lockdep_unlock+0x144/0x2e0 [ 76.418696][ T3748] ? lockdep_lock+0x290/0x290 [ 76.423382][ T3748] ? reacquire_held_locks+0x650/0x650 [ 76.428767][ T3748] ? _find_first_zero_bit+0xe8/0x110 [ 76.434063][ T3748] ? validate_chain+0x177/0x6ae0 [ 76.439015][ T3748] ? reacquire_held_locks+0x650/0x650 [ 76.444395][ T3748] ? noop_count+0x30/0x30 [ 76.448909][ T3748] ? reacquire_held_locks+0x650/0x650 [ 76.454313][ T3748] ? check_noncircular+0x1aa/0x390 [ 76.459610][ T3748] ? reacquire_held_locks+0x650/0x650 [ 76.464988][ T3748] ? lockdep_lock+0x102/0x290 [ 76.469672][ T3748] ? _find_first_zero_bit+0xe8/0x110 [ 76.474965][ T3748] ? validate_chain+0x1478/0x6ae0 [ 76.479998][ T3748] ? reacquire_held_locks+0x650/0x650 [ 76.485370][ T3748] ? validate_chain+0x1478/0x6ae0 [ 76.490434][ T3748] ? check_path+0x21/0x40 [ 76.494783][ T3748] ? check_noncircular+0x1aa/0x390 [ 76.499898][ T3748] ? add_chain_block+0x850/0x850 [ 76.504943][ T3748] ? stack_trace_save+0x1e0/0x1e0 [ 76.509986][ T3748] ? rcu_read_lock_sched_held+0x87/0x110 [ 76.515650][ T3748] ? rcu_read_lock_sched_held+0x87/0x110 [ 76.521303][ T3748] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 76.527288][ T3748] ? rcu_read_lock_sched_held+0x87/0x110 [ 76.532918][ T3748] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 76.538904][ T3748] ? finish_lock_switch+0x89/0x100 [ 76.544021][ T3748] ? trace_lock_release+0x95/0x220 [ 76.549140][ T3748] ? rcu_read_lock_sched_held+0x87/0x110 [ 76.554773][ T3748] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 76.560760][ T3748] ? mark_lock+0x9a/0x350 [ 76.565118][ T3748] ? __lock_acquire+0x1292/0x1f60 [ 76.570147][ T3748] ? rcu_preempt_deferred_qs_irqrestore+0x849/0xc10 [ 76.576746][ T3748] ? trace_lock_release+0x95/0x220 [ 76.581863][ T3748] ? mark_lock+0x9a/0x350 [ 76.586208][ T3748] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 76.592200][ T3748] ? mark_lock+0x9a/0x350 [ 76.596536][ T3748] ? rcu_read_lock_sched_held+0x87/0x110 [ 76.602166][ T3748] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 76.608148][ T3748] ? try_to_del_timer_sync+0x30e/0x3a0 [ 76.613616][ T3748] ? mark_lock+0x9a/0x350 [ 76.617968][ T3748] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 76.623955][ T3748] ? print_irqtrace_events+0x220/0x220 [ 76.629420][ T3748] ? __free_object+0x1fb/0xa60 [ 76.634178][ T3748] ? lockdep_hardirqs_on+0x8d/0x130 [ 76.639377][ T3748] ? mark_lock+0x9a/0x350 [ 76.643708][ T3748] ? mark_lock+0x9a/0x350 [ 76.648048][ T3748] ? __lock_acquire+0x1292/0x1f60 [ 76.653073][ T3748] ? mark_lock+0x9a/0x350 [ 76.657407][ T3748] __lock_acquire+0x1292/0x1f60 [ 76.662263][ T3748] lock_acquire+0x182/0x3c0 [ 76.666763][ T3748] ? dquot_commit+0x58/0x4e0 [ 76.671405][ T3748] ? read_lock_is_recursive+0x10/0x10 [ 76.676794][ T3748] ? debug_check_no_obj_freed+0x5c2/0x650 [ 76.682511][ T3748] ? __might_sleep+0xc0/0xc0 [ 76.687108][ T3748] __mutex_lock_common+0x1bd/0x26e0 [ 76.692309][ T3748] ? dquot_commit+0x58/0x4e0 [ 76.696923][ T3748] ? dquot_commit+0x58/0x4e0 [ 76.701526][ T3748] ? __might_sleep+0xc0/0xc0 [ 76.706136][ T3748] ? mutex_lock_io_nested+0x60/0x60 [ 76.711336][ T3748] ? rcu_read_lock_sched_held+0x87/0x110 [ 76.716968][ T3748] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 76.722954][ T3748] ? read_lock_is_recursive+0x10/0x10 [ 76.728339][ T3748] ? __lock_acquire+0x1f60/0x1f60 [ 76.733391][ T3748] mutex_lock_nested+0x17/0x20 [ 76.738172][ T3748] dquot_commit+0x58/0x4e0 [ 76.742593][ T3748] ? __ext4_journal_start_sb+0x16e/0x1d0 [ 76.748231][ T3748] ext4_write_dquot+0x1e4/0x2b0 [ 76.753125][ T3748] __dquot_free_space+0x9a8/0xfb0 [ 76.758160][ T3748] ? dquot_reclaim_space_nodirty+0x7f0/0x7f0 [ 76.764577][ T3748] ? ext4_block_bitmap_csum_set+0x1c3/0x4f0 [ 76.770654][ T3748] ? lockdep_count_forward_deps+0x1d0/0x240 [ 76.776566][ T3748] ext4_free_blocks+0x1c4a/0x2810 [ 76.781598][ T3748] ? __lock_acquire+0x1f60/0x1f60 [ 76.787500][ T3748] ? trace_ext4_allocate_blocks+0x2f0/0x2f0 [ 76.793401][ T3748] ? rcu_read_lock_sched_held+0x87/0x110 [ 76.799031][ T3748] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 76.805011][ T3748] ? __ext4_journal_ensure_credits+0x2c/0x460 [ 76.811089][ T3748] ? ext4_inode_journal_mode+0x185/0x460 [ 76.816725][ T3748] ? trace_ext4_remove_blocks+0x10b/0x330 [ 76.822444][ T3748] ext4_ext_remove_space+0x1f5b/0x46b0 [ 76.827918][ T3748] ? ext4_da_release_space+0x1de/0x370 [ 76.833384][ T3748] ? ext4_ext_index_trans_blocks+0x120/0x120 [ 76.839371][ T3748] ? ext4_es_remove_extent+0x1ab/0x260 [ 76.844847][ T3748] ? trace_ext4_es_lookup_extent_exit+0x300/0x300 [ 76.851257][ T3748] ? down_write+0x1a5/0x270 [ 76.855782][ T3748] ? trace_ext4_fc_stats+0x2f0/0x2f0 [ 76.861174][ T3748] ? down_read_killable+0x80/0x80 [ 76.866208][ T3748] ext4_ext_truncate+0x177/0x220 [ 76.871155][ T3748] ext4_truncate+0xa7c/0xeb0 [ 76.875767][ T3748] ? __ext4_mark_inode_dirty+0x670/0x670 [ 76.881678][ T3748] ext4_process_orphan+0x1aa/0x2d0 [ 76.886793][ T3748] ext4_orphan_cleanup+0xb60/0x1340 [ 76.891996][ T3748] ? ext4_orphan_del+0xc20/0xc20 [ 76.896931][ T3748] ? __init_swait_queue_head+0xa6/0x140 [ 76.902490][ T3748] ? errseq_check_and_advance+0x5e/0x110 [ 76.908179][ T3748] ext4_fill_super+0x80ed/0x8610 [ 76.913479][ T3748] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 76.919727][ T3748] ? snprintf+0xc0/0x110 [ 76.923975][ T3748] ? set_blocksize+0x1d5/0x360 [ 76.928749][ T3748] get_tree_bdev+0x400/0x620 [ 76.933358][ T3748] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 76.939601][ T3748] vfs_get_tree+0x88/0x270 [ 76.944023][ T3748] do_new_mount+0x289/0xad0 [ 76.948528][ T3748] ? do_move_mount_old+0x150/0x150 [ 76.953641][ T3748] ? user_path_at_empty+0x149/0x1a0 [ 76.958848][ T3748] __se_sys_mount+0x2d3/0x3c0 [ 76.963543][ T3748] ? __x64_sys_mount+0xc0/0xc0 [ 76.968312][ T3748] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 76.974294][ T3748] ? __x64_sys_mount+0x1c/0xc0 [ 76.979068][ T3748] do_syscall_64+0x3d/0xb0 [ 76.983506][ T3748] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.989398][ T3748] RIP: 0033:0x7f0a80630e4a [ 76.993810][ T3748] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 77.013411][ T3748] RSP: 002b:00007fff4ce01e28 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 77.021824][ T3748] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0a80630e4a [ 77.029793][ T3748] RDX: 0000000020000040 RSI: 0000000020000500 RDI: 00007fff4ce01e30 [pid 3748] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3748] chdir("./file0") = 0 [pid 3748] ioctl(4, LOOP_CLR_FD) = 0 [pid 3748] close(4) = 0 [pid 3748] exit_group(0) = ? [ 77.037860][ T3748] RBP: 00007fff4ce01e30 R08: 00007fff4ce01e70 R09: 00000000000004a5 [ 77.045847][ T3748] R10: 0000000000000047 R11: 0000000000000202 R12: 0000000000000004 [ 77.053814][ T3748] R13: 000055555748e2c0 R14: 00007fff4ce01e70 R15: 0000000000000000 [ 77.061805][ T3748] [ 77.067385][ T3748] EXT4-fs (loop0): 1 truncate cleaned up [pid 3748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3748, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3750 attached , child_tidptr=0x55555748e5d0) = 3750 [pid 3750] chdir("./56") = 0 [pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3750] setpgid(0, 0) = 0 [pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3750] write(3, "1000", 4) = 4 [pid 3750] close(3) = 0 [pid 3750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3750] memfd_create("syzkaller", 0) = 3 [pid 3750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3750] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3750] munmap(0x7f0a78000000, 262144) = 0 [pid 3750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 77.112151][ T3748] syz-executor116 (3748) used greatest stack depth: 16472 bytes left [pid 3750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3750] close(3) = 0 [pid 3750] mkdir("./file0", 0777) = 0 [pid 3750] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3750] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3750] chdir("./file0") = 0 [pid 3750] ioctl(4, LOOP_CLR_FD) = 0 [pid 3750] close(4) = 0 [pid 3750] exit_group(0) = ? [pid 3750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 [ 77.157770][ T3750] loop0: detected capacity change from 0 to 512 [ 77.167493][ T3750] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.178497][ T3750] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.187664][ T3750] EXT4-fs (loop0): 1 truncate cleaned up umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3752 attached , child_tidptr=0x55555748e5d0) = 3752 [pid 3752] chdir("./57") = 0 [pid 3752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3752] setpgid(0, 0) = 0 [pid 3752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3752] write(3, "1000", 4) = 4 [pid 3752] close(3) = 0 [pid 3752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3752] memfd_create("syzkaller", 0) = 3 [pid 3752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3752] munmap(0x7f0a78000000, 262144) = 0 [pid 3752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3752] close(3) = 0 [pid 3752] mkdir("./file0", 0777) = 0 [pid 3752] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3752] chdir("./file0") = 0 [pid 3752] ioctl(4, LOOP_CLR_FD) = 0 [pid 3752] close(4) = 0 [pid 3752] exit_group(0) = ? [pid 3752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3752, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3754 ./strace-static-x86_64: Process 3754 attached [pid 3754] chdir("./58") = 0 [pid 3754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3754] setpgid(0, 0) = 0 [pid 3754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3754] write(3, "1000", 4) = 4 [pid 3754] close(3) = 0 [ 77.265365][ T3752] loop0: detected capacity change from 0 to 512 [ 77.274362][ T3752] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.284870][ T3752] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.293433][ T3752] EXT4-fs (loop0): 1 truncate cleaned up [pid 3754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3754] memfd_create("syzkaller", 0) = 3 [pid 3754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3754] munmap(0x7f0a78000000, 262144) = 0 [pid 3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3754] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3754] close(3) = 0 [pid 3754] mkdir("./file0", 0777) = 0 [pid 3754] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3754] chdir("./file0") = 0 [pid 3754] ioctl(4, LOOP_CLR_FD) = 0 [pid 3754] close(4) = 0 [pid 3754] exit_group(0) = ? [pid 3754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3754, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 77.353579][ T3754] loop0: detected capacity change from 0 to 512 [ 77.362103][ T3754] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.372841][ T3754] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.381433][ T3754] EXT4-fs (loop0): 1 truncate cleaned up umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3756 ./strace-static-x86_64: Process 3756 attached [pid 3756] chdir("./59") = 0 [pid 3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3756] setpgid(0, 0) = 0 [pid 3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3756] write(3, "1000", 4) = 4 [pid 3756] close(3) = 0 [pid 3756] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3756] memfd_create("syzkaller", 0) = 3 [pid 3756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3756] munmap(0x7f0a78000000, 262144) = 0 [pid 3756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3756] close(3) = 0 [pid 3756] mkdir("./file0", 0777) = 0 [pid 3756] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3756] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3756] chdir("./file0") = 0 [pid 3756] ioctl(4, LOOP_CLR_FD) = 0 [pid 3756] close(4) = 0 [pid 3756] exit_group(0) = ? [pid 3756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 [ 77.459854][ T3756] loop0: detected capacity change from 0 to 512 [ 77.470401][ T3756] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.480421][ T3756] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.489562][ T3756] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3758 ./strace-static-x86_64: Process 3758 attached [pid 3758] chdir("./60") = 0 [pid 3758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3758] setpgid(0, 0) = 0 [pid 3758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3758] write(3, "1000", 4) = 4 [pid 3758] close(3) = 0 [pid 3758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3758] memfd_create("syzkaller", 0) = 3 [pid 3758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3758] munmap(0x7f0a78000000, 262144) = 0 [pid 3758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3758] close(3) = 0 [pid 3758] mkdir("./file0", 0777) = 0 [pid 3758] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3758] chdir("./file0") = 0 [pid 3758] ioctl(4, LOOP_CLR_FD) = 0 [pid 3758] close(4) = 0 [pid 3758] exit_group(0) = ? [pid 3758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3758, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 [ 77.563307][ T3758] loop0: detected capacity change from 0 to 512 [ 77.575237][ T3758] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.585452][ T3758] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.594258][ T3758] EXT4-fs (loop0): 1 truncate cleaned up umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3760 attached , child_tidptr=0x55555748e5d0) = 3760 [pid 3760] chdir("./61") = 0 [pid 3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3760] setpgid(0, 0) = 0 [pid 3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3760] write(3, "1000", 4) = 4 [pid 3760] close(3) = 0 [pid 3760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3760] memfd_create("syzkaller", 0) = 3 [pid 3760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3760] munmap(0x7f0a78000000, 262144) = 0 [pid 3760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3760] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3760] close(3) = 0 [pid 3760] mkdir("./file0", 0777) = 0 [pid 3760] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3760] chdir("./file0") = 0 [pid 3760] ioctl(4, LOOP_CLR_FD) = 0 [pid 3760] close(4) = 0 [pid 3760] exit_group(0) = ? [pid 3760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3762 attached [pid 3762] chdir("./62") = 0 [pid 3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3762] setpgid(0, 0) = 0 [ 77.678289][ T3760] loop0: detected capacity change from 0 to 512 [ 77.686610][ T3760] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.697602][ T3760] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.706803][ T3760] EXT4-fs (loop0): 1 truncate cleaned up [pid 3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3762 [pid 3762] <... openat resumed>) = 3 [pid 3762] write(3, "1000", 4) = 4 [pid 3762] close(3) = 0 [pid 3762] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3762] memfd_create("syzkaller", 0) = 3 [pid 3762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3762] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3762] munmap(0x7f0a78000000, 262144) = 0 [pid 3762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3762] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3762] close(3) = 0 [pid 3762] mkdir("./file0", 0777) = 0 [pid 3762] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3762] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3762] chdir("./file0") = 0 [pid 3762] ioctl(4, LOOP_CLR_FD) = 0 [pid 3762] close(4) = 0 [pid 3762] exit_group(0) = ? [pid 3762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3764 ./strace-static-x86_64: Process 3764 attached [ 77.768466][ T3762] loop0: detected capacity change from 0 to 512 [ 77.779232][ T3762] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.789887][ T3762] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.799758][ T3762] EXT4-fs (loop0): 1 truncate cleaned up [pid 3764] chdir("./63") = 0 [pid 3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3764] setpgid(0, 0) = 0 [pid 3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3764] write(3, "1000", 4) = 4 [pid 3764] close(3) = 0 [pid 3764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3764] memfd_create("syzkaller", 0) = 3 [pid 3764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3764] munmap(0x7f0a78000000, 262144) = 0 [pid 3764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3764] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3764] close(3) = 0 [pid 3764] mkdir("./file0", 0777) = 0 [pid 3764] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3764] chdir("./file0") = 0 [pid 3764] ioctl(4, LOOP_CLR_FD) = 0 [pid 3764] close(4) = 0 [pid 3764] exit_group(0) = ? [pid 3764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3764, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 77.863502][ T3764] loop0: detected capacity change from 0 to 512 [ 77.874231][ T3764] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.884402][ T3764] EXT4-fs (loop0): orphan cleanup on readonly fs [ 77.893365][ T3764] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3766 ./strace-static-x86_64: Process 3766 attached [pid 3766] chdir("./64") = 0 [pid 3766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3766] setpgid(0, 0) = 0 [pid 3766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3766] write(3, "1000", 4) = 4 [pid 3766] close(3) = 0 [pid 3766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3766] memfd_create("syzkaller", 0) = 3 [pid 3766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3766] munmap(0x7f0a78000000, 262144) = 0 [pid 3766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3766] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3766] close(3) = 0 [pid 3766] mkdir("./file0", 0777) = 0 [pid 3766] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3766] chdir("./file0") = 0 [pid 3766] ioctl(4, LOOP_CLR_FD) = 0 [pid 3766] close(4) = 0 [pid 3766] exit_group(0) = ? [pid 3766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3766, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 77.963754][ T3766] loop0: detected capacity change from 0 to 512 [ 77.966414][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 77.980985][ T3766] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 77.994973][ T3766] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.004216][ T3766] EXT4-fs (loop0): 1 truncate cleaned up lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3768 attached , child_tidptr=0x55555748e5d0) = 3768 [pid 3768] chdir("./65") = 0 [pid 3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3768] setpgid(0, 0) = 0 [pid 3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3768] write(3, "1000", 4) = 4 [pid 3768] close(3) = 0 [pid 3768] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3768] memfd_create("syzkaller", 0) = 3 [pid 3768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3768] munmap(0x7f0a78000000, 262144) = 0 [pid 3768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3768] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3768] close(3) = 0 [pid 3768] mkdir("./file0", 0777) = 0 [pid 3768] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3768] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3768] chdir("./file0") = 0 [pid 3768] ioctl(4, LOOP_CLR_FD) = 0 [pid 3768] close(4) = 0 [pid 3768] exit_group(0) = ? [pid 3768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 [ 78.089908][ T3768] loop0: detected capacity change from 0 to 512 [ 78.099837][ T3768] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.110217][ T3768] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.119599][ T3768] EXT4-fs (loop0): 1 truncate cleaned up umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3770 ./strace-static-x86_64: Process 3770 attached [pid 3770] chdir("./66") = 0 [pid 3770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3770] setpgid(0, 0) = 0 [pid 3770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3770] write(3, "1000", 4) = 4 [pid 3770] close(3) = 0 [pid 3770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3770] memfd_create("syzkaller", 0) = 3 [pid 3770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3770] munmap(0x7f0a78000000, 262144) = 0 [pid 3770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3770] close(3) = 0 [pid 3770] mkdir("./file0", 0777) = 0 [pid 3770] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3770] chdir("./file0") = 0 [pid 3770] ioctl(4, LOOP_CLR_FD) = 0 [pid 3770] close(4) = 0 [pid 3770] exit_group(0) = ? [pid 3770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3770, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3772 ./strace-static-x86_64: Process 3772 attached [pid 3772] chdir("./67") = 0 [pid 3772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3772] setpgid(0, 0) = 0 [pid 3772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3772] write(3, "1000", 4) = 4 [pid 3772] close(3) = 0 [pid 3772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3772] memfd_create("syzkaller", 0) = 3 [pid 3772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3772] munmap(0x7f0a78000000, 262144) = 0 [ 78.188976][ T3770] loop0: detected capacity change from 0 to 512 [ 78.198162][ T3770] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.209260][ T3770] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.218180][ T3770] EXT4-fs (loop0): 1 truncate cleaned up [pid 3772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3772] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3772] close(3) = 0 [pid 3772] mkdir("./file0", 0777) = 0 [pid 3772] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3772] chdir("./file0") = 0 [pid 3772] ioctl(4, LOOP_CLR_FD) = 0 [pid 3772] close(4) = 0 [pid 3772] exit_group(0) = ? [pid 3772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3772, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3774 ./strace-static-x86_64: Process 3774 attached [pid 3774] chdir("./68") = 0 [pid 3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3774] setpgid(0, 0) = 0 [pid 3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3774] write(3, "1000", 4) = 4 [pid 3774] close(3) = 0 [pid 3774] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3774] memfd_create("syzkaller", 0) = 3 [pid 3774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 78.269615][ T3772] loop0: detected capacity change from 0 to 512 [ 78.278132][ T3772] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.289402][ T3772] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.298771][ T3772] EXT4-fs (loop0): 1 truncate cleaned up [pid 3774] munmap(0x7f0a78000000, 262144) = 0 [pid 3774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3774] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3774] close(3) = 0 [pid 3774] mkdir("./file0", 0777) = 0 [pid 3774] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3774] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3774] chdir("./file0") = 0 [pid 3774] ioctl(4, LOOP_CLR_FD) = 0 [pid 3774] close(4) = 0 [pid 3774] exit_group(0) = ? [pid 3774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 [ 78.354553][ T3774] loop0: detected capacity change from 0 to 512 [ 78.360257][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 78.372809][ T3774] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.383870][ T3774] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.394516][ T3774] EXT4-fs (loop0): 1 truncate cleaned up umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3776 ./strace-static-x86_64: Process 3776 attached [pid 3776] chdir("./69") = 0 [pid 3776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3776] setpgid(0, 0) = 0 [pid 3776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3776] write(3, "1000", 4) = 4 [pid 3776] close(3) = 0 [pid 3776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3776] memfd_create("syzkaller", 0) = 3 [pid 3776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3776] munmap(0x7f0a78000000, 262144) = 0 [pid 3776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3776] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3776] close(3) = 0 [pid 3776] mkdir("./file0", 0777) = 0 [pid 3776] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3776] chdir("./file0") = 0 [pid 3776] ioctl(4, LOOP_CLR_FD) = 0 [pid 3776] close(4) = 0 [pid 3776] exit_group(0) = ? [pid 3776] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3776, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 78.463914][ T3776] loop0: detected capacity change from 0 to 512 [ 78.472817][ T3776] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.483424][ T3776] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.492498][ T3776] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3778 ./strace-static-x86_64: Process 3778 attached [pid 3778] chdir("./70") = 0 [pid 3778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3778] setpgid(0, 0) = 0 [pid 3778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3778] write(3, "1000", 4) = 4 [pid 3778] close(3) = 0 [pid 3778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3778] memfd_create("syzkaller", 0) = 3 [pid 3778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3778] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3778] munmap(0x7f0a78000000, 262144) = 0 [pid 3778] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3778] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3778] close(3) = 0 [pid 3778] mkdir("./file0", 0777) = 0 [pid 3778] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3778] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3778] chdir("./file0") = 0 [pid 3778] ioctl(4, LOOP_CLR_FD) = 0 [ 78.558268][ T3778] loop0: detected capacity change from 0 to 512 [ 78.566899][ T3778] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.578583][ T3778] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.587431][ T3778] EXT4-fs (loop0): 1 truncate cleaned up [pid 3778] close(4) = 0 [pid 3778] exit_group(0) = ? [pid 3778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3778, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3780 ./strace-static-x86_64: Process 3780 attached [pid 3780] chdir("./71") = 0 [pid 3780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3780] setpgid(0, 0) = 0 [pid 3780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3780] write(3, "1000", 4) = 4 [pid 3780] close(3) = 0 [pid 3780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3780] memfd_create("syzkaller", 0) = 3 [pid 3780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3780] munmap(0x7f0a78000000, 262144) = 0 [pid 3780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3780] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3780] close(3) = 0 [pid 3780] mkdir("./file0", 0777) = 0 [pid 3780] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3780] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3780] chdir("./file0") = 0 [pid 3780] ioctl(4, LOOP_CLR_FD) = 0 [pid 3780] close(4) = 0 [pid 3780] exit_group(0) = ? [pid 3780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3780, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 78.665955][ T3780] loop0: detected capacity change from 0 to 512 [ 78.674544][ T3780] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.685230][ T3780] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.693745][ T3780] EXT4-fs (loop0): 1 truncate cleaned up umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3782 ./strace-static-x86_64: Process 3782 attached [pid 3782] chdir("./72") = 0 [pid 3782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3782] setpgid(0, 0) = 0 [pid 3782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3782] write(3, "1000", 4) = 4 [pid 3782] close(3) = 0 [pid 3782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3782] memfd_create("syzkaller", 0) = 3 [pid 3782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3782] munmap(0x7f0a78000000, 262144) = 0 [pid 3782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3782] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3782] close(3) = 0 [pid 3782] mkdir("./file0", 0777) = 0 [pid 3782] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3782] chdir("./file0") = 0 [pid 3782] ioctl(4, LOOP_CLR_FD) = 0 [pid 3782] close(4) = 0 [pid 3782] exit_group(0) = ? [pid 3782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3782, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3784 ./strace-static-x86_64: Process 3784 attached [pid 3784] chdir("./73") = 0 [pid 3784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3784] setpgid(0, 0) = 0 [pid 3784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3784] write(3, "1000", 4) = 4 [pid 3784] close(3) = 0 [pid 3784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3784] memfd_create("syzkaller", 0) = 3 [pid 3784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3784] munmap(0x7f0a78000000, 262144) = 0 [pid 3784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 78.777791][ T3782] loop0: detected capacity change from 0 to 512 [ 78.786523][ T3782] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.796974][ T3782] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.805749][ T3782] EXT4-fs (loop0): 1 truncate cleaned up [pid 3784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3784] close(3) = 0 [pid 3784] mkdir("./file0", 0777) = 0 [pid 3784] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3784] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3784] chdir("./file0") = 0 [pid 3784] ioctl(4, LOOP_CLR_FD) = 0 [pid 3784] close(4) = 0 [pid 3784] exit_group(0) = ? [pid 3784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3784, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 [ 78.858106][ T3784] loop0: detected capacity change from 0 to 512 [ 78.863794][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 78.875598][ T3784] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.885480][ T3784] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.894277][ T3784] EXT4-fs (loop0): 1 truncate cleaned up umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3786 ./strace-static-x86_64: Process 3786 attached [pid 3786] chdir("./74") = 0 [pid 3786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3786] setpgid(0, 0) = 0 [pid 3786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3786] write(3, "1000", 4) = 4 [pid 3786] close(3) = 0 [pid 3786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3786] memfd_create("syzkaller", 0) = 3 [pid 3786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3786] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3786] munmap(0x7f0a78000000, 262144) = 0 [pid 3786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3786] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3786] close(3) = 0 [pid 3786] mkdir("./file0", 0777) = 0 [pid 3786] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3786] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3786] chdir("./file0") = 0 [pid 3786] ioctl(4, LOOP_CLR_FD) = 0 [pid 3786] close(4) = 0 [pid 3786] exit_group(0) = ? [pid 3786] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3786, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 78.967469][ T3786] loop0: detected capacity change from 0 to 512 [ 78.976434][ T3786] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 78.987194][ T3786] EXT4-fs (loop0): orphan cleanup on readonly fs [ 78.996151][ T3786] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3788 ./strace-static-x86_64: Process 3788 attached [pid 3788] chdir("./75") = 0 [pid 3788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3788] setpgid(0, 0) = 0 [pid 3788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3788] write(3, "1000", 4) = 4 [pid 3788] close(3) = 0 [pid 3788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3788] memfd_create("syzkaller", 0) = 3 [pid 3788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3788] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3788] munmap(0x7f0a78000000, 262144) = 0 [pid 3788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3788] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3788] close(3) = 0 [pid 3788] mkdir("./file0", 0777) = 0 [pid 3788] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3788] chdir("./file0") = 0 [pid 3788] ioctl(4, LOOP_CLR_FD) = 0 [pid 3788] close(4) = 0 [pid 3788] exit_group(0) = ? [pid 3788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3788, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3790 ./strace-static-x86_64: Process 3790 attached [pid 3790] chdir("./76") = 0 [pid 3790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3790] setpgid(0, 0) = 0 [pid 3790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3790] write(3, "1000", 4) = 4 [pid 3790] close(3) = 0 [pid 3790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3790] memfd_create("syzkaller", 0) = 3 [ 79.060535][ T3788] loop0: detected capacity change from 0 to 512 [ 79.070192][ T3788] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.080646][ T3788] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.089605][ T3788] EXT4-fs (loop0): 1 truncate cleaned up [pid 3790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3790] munmap(0x7f0a78000000, 262144) = 0 [pid 3790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3790] close(3) = 0 [pid 3790] mkdir("./file0", 0777) = 0 [pid 3790] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3790] chdir("./file0") = 0 [pid 3790] ioctl(4, LOOP_CLR_FD) = 0 [pid 3790] close(4) = 0 [pid 3790] exit_group(0) = ? [pid 3790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3790, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3792 ./strace-static-x86_64: Process 3792 attached [pid 3792] chdir("./77") = 0 [ 79.145920][ T3790] loop0: detected capacity change from 0 to 512 [ 79.154871][ T3790] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.165455][ T3790] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.174680][ T3790] EXT4-fs (loop0): 1 truncate cleaned up [pid 3792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3792] setpgid(0, 0) = 0 [pid 3792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3792] write(3, "1000", 4) = 4 [pid 3792] close(3) = 0 [pid 3792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3792] memfd_create("syzkaller", 0) = 3 [pid 3792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3792] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3792] munmap(0x7f0a78000000, 262144) = 0 [pid 3792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3792] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3792] close(3) = 0 [pid 3792] mkdir("./file0", 0777) = 0 [pid 3792] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3792] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3792] chdir("./file0") = 0 [pid 3792] ioctl(4, LOOP_CLR_FD) = 0 [pid 3792] close(4) = 0 [pid 3792] exit_group(0) = ? [pid 3792] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3792, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 79.238691][ T3792] loop0: detected capacity change from 0 to 512 [ 79.247254][ T3792] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.258685][ T3792] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.267599][ T3792] EXT4-fs (loop0): 1 truncate cleaned up lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3794 ./strace-static-x86_64: Process 3794 attached [pid 3794] chdir("./78") = 0 [pid 3794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3794] setpgid(0, 0) = 0 [pid 3794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3794] write(3, "1000", 4) = 4 [pid 3794] close(3) = 0 [pid 3794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3794] memfd_create("syzkaller", 0) = 3 [pid 3794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3794] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3794] munmap(0x7f0a78000000, 262144) = 0 [pid 3794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3794] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3794] close(3) = 0 [pid 3794] mkdir("./file0", 0777) = 0 [pid 3794] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3794] chdir("./file0") = 0 [pid 3794] ioctl(4, LOOP_CLR_FD) = 0 [ 79.338739][ T3794] loop0: detected capacity change from 0 to 512 [ 79.344057][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 79.355926][ T3794] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.366163][ T3794] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.375386][ T3794] EXT4-fs (loop0): 1 truncate cleaned up [pid 3794] close(4) = 0 [pid 3794] exit_group(0) = ? [pid 3794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3794, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3796 ./strace-static-x86_64: Process 3796 attached [pid 3796] chdir("./79") = 0 [pid 3796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3796] setpgid(0, 0) = 0 [pid 3796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3796] write(3, "1000", 4) = 4 [pid 3796] close(3) = 0 [pid 3796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3796] memfd_create("syzkaller", 0) = 3 [pid 3796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3796] munmap(0x7f0a78000000, 262144) = 0 [pid 3796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3796] close(3) = 0 [pid 3796] mkdir("./file0", 0777) = 0 [pid 3796] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3796] chdir("./file0") = 0 [pid 3796] ioctl(4, LOOP_CLR_FD) = 0 [pid 3796] close(4) = 0 [pid 3796] exit_group(0) = ? [pid 3796] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3796, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 [ 79.445927][ T3796] loop0: detected capacity change from 0 to 512 [ 79.451345][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 79.463248][ T3796] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.473819][ T3796] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.483395][ T3796] EXT4-fs (loop0): 1 truncate cleaned up umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3798 ./strace-static-x86_64: Process 3798 attached [pid 3798] chdir("./80") = 0 [pid 3798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3798] setpgid(0, 0) = 0 [pid 3798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3798] write(3, "1000", 4) = 4 [pid 3798] close(3) = 0 [pid 3798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3798] memfd_create("syzkaller", 0) = 3 [pid 3798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3798] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3798] munmap(0x7f0a78000000, 262144) = 0 [pid 3798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3798] close(3) = 0 [pid 3798] mkdir("./file0", 0777) = 0 [pid 3798] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3798] chdir("./file0") = 0 [pid 3798] ioctl(4, LOOP_CLR_FD) = 0 [pid 3798] close(4) = 0 [pid 3798] exit_group(0) = ? [pid 3798] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3798, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 [ 79.563122][ T3798] loop0: detected capacity change from 0 to 512 [ 79.573480][ T3798] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.583833][ T3798] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.593198][ T3798] EXT4-fs (loop0): 1 truncate cleaned up umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3800 ./strace-static-x86_64: Process 3800 attached [pid 3800] chdir("./81") = 0 [pid 3800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3800] setpgid(0, 0) = 0 [pid 3800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3800] write(3, "1000", 4) = 4 [pid 3800] close(3) = 0 [pid 3800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3800] memfd_create("syzkaller", 0) = 3 [pid 3800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3800] munmap(0x7f0a78000000, 262144) = 0 [pid 3800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3800] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3800] close(3) = 0 [pid 3800] mkdir("./file0", 0777) = 0 [pid 3800] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3800] chdir("./file0") = 0 [pid 3800] ioctl(4, LOOP_CLR_FD) = 0 [pid 3800] close(4) = 0 [pid 3800] exit_group(0) = ? [pid 3800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3800, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 79.675558][ T3800] loop0: detected capacity change from 0 to 512 [ 79.685514][ T3800] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.695982][ T3800] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.704921][ T3800] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3802 attached , child_tidptr=0x55555748e5d0) = 3802 [pid 3802] chdir("./82") = 0 [pid 3802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3802] setpgid(0, 0) = 0 [pid 3802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3802] write(3, "1000", 4) = 4 [pid 3802] close(3) = 0 [pid 3802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3802] memfd_create("syzkaller", 0) = 3 [pid 3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3802] munmap(0x7f0a78000000, 262144) = 0 [pid 3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3802] close(3) = 0 [pid 3802] mkdir("./file0", 0777) = 0 [pid 3802] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3802] chdir("./file0") = 0 [pid 3802] ioctl(4, LOOP_CLR_FD) = 0 [pid 3802] close(4) = 0 [pid 3802] exit_group(0) = ? [pid 3802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3802, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 [ 79.772974][ T3802] loop0: detected capacity change from 0 to 512 [ 79.782550][ T3802] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.793000][ T3802] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.801649][ T3802] EXT4-fs (loop0): 1 truncate cleaned up umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3804 ./strace-static-x86_64: Process 3804 attached [pid 3804] chdir("./83") = 0 [pid 3804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3804] setpgid(0, 0) = 0 [pid 3804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3804] write(3, "1000", 4) = 4 [pid 3804] close(3) = 0 [pid 3804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3804] memfd_create("syzkaller", 0) = 3 [pid 3804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3804] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3804] munmap(0x7f0a78000000, 262144) = 0 [pid 3804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3804] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3804] close(3) = 0 [pid 3804] mkdir("./file0", 0777) = 0 [pid 3804] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3804] chdir("./file0") = 0 [pid 3804] ioctl(4, LOOP_CLR_FD) = 0 [pid 3804] close(4) = 0 [pid 3804] exit_group(0) = ? [pid 3804] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3804, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 79.872825][ T3804] loop0: detected capacity change from 0 to 512 [ 79.883006][ T3804] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.893090][ T3804] EXT4-fs (loop0): orphan cleanup on readonly fs [ 79.901761][ T3804] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./83/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3806 ./strace-static-x86_64: Process 3806 attached [pid 3806] chdir("./84") = 0 [pid 3806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3806] setpgid(0, 0) = 0 [pid 3806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3806] write(3, "1000", 4) = 4 [pid 3806] close(3) = 0 [pid 3806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3806] memfd_create("syzkaller", 0) = 3 [pid 3806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3806] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3806] munmap(0x7f0a78000000, 262144) = 0 [pid 3806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3806] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3806] close(3) = 0 [pid 3806] mkdir("./file0", 0777) = 0 [pid 3806] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3806] chdir("./file0") = 0 [pid 3806] ioctl(4, LOOP_CLR_FD) = 0 [pid 3806] close(4) = 0 [pid 3806] exit_group(0) = ? [pid 3806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3806, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3808 ./strace-static-x86_64: Process 3808 attached [pid 3808] chdir("./85") = 0 [pid 3808] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3808] setpgid(0, 0) = 0 [pid 3808] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3808] write(3, "1000", 4) = 4 [pid 3808] close(3) = 0 [pid 3808] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3808] memfd_create("syzkaller", 0) = 3 [pid 3808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3808] munmap(0x7f0a78000000, 262144) = 0 [pid 3808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 79.975929][ T3806] loop0: detected capacity change from 0 to 512 [ 79.984362][ T3806] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 79.995697][ T3806] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.004788][ T3806] EXT4-fs (loop0): 1 truncate cleaned up [pid 3808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3808] close(3) = 0 [pid 3808] mkdir("./file0", 0777) = 0 [pid 3808] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3808] chdir("./file0") = 0 [pid 3808] ioctl(4, LOOP_CLR_FD) = 0 [pid 3808] close(4) = 0 [pid 3808] exit_group(0) = ? [pid 3808] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3808, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3810 ./strace-static-x86_64: Process 3810 attached [pid 3810] chdir("./86") = 0 [pid 3810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3810] setpgid(0, 0) = 0 [pid 3810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3810] write(3, "1000", 4) = 4 [pid 3810] close(3) = 0 [pid 3810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3810] memfd_create("syzkaller", 0) = 3 [pid 3810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [ 80.054485][ T3808] loop0: detected capacity change from 0 to 512 [ 80.065075][ T3808] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.077280][ T3808] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.086228][ T3808] EXT4-fs (loop0): 1 truncate cleaned up [pid 3810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3810] munmap(0x7f0a78000000, 262144) = 0 [pid 3810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3810] close(3) = 0 [pid 3810] mkdir("./file0", 0777) = 0 [pid 3810] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3810] chdir("./file0") = 0 [pid 3810] ioctl(4, LOOP_CLR_FD) = 0 [pid 3810] close(4) = 0 [pid 3810] exit_group(0) = ? [pid 3810] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3810, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3812 attached , child_tidptr=0x55555748e5d0) = 3812 [pid 3812] chdir("./87") = 0 [pid 3812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3812] setpgid(0, 0) = 0 [pid 3812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3812] write(3, "1000", 4) = 4 [pid 3812] close(3) = 0 [pid 3812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3812] memfd_create("syzkaller", 0) = 3 [pid 3812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [ 80.139854][ T3810] loop0: detected capacity change from 0 to 512 [ 80.148446][ T3810] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.159144][ T3810] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.168490][ T3810] EXT4-fs (loop0): 1 truncate cleaned up [pid 3812] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3812] munmap(0x7f0a78000000, 262144) = 0 [pid 3812] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3812] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3812] close(3) = 0 [pid 3812] mkdir("./file0", 0777) = 0 [pid 3812] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3812] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3812] chdir("./file0") = 0 [pid 3812] ioctl(4, LOOP_CLR_FD) = 0 [pid 3812] close(4) = 0 [pid 3812] exit_group(0) = ? [pid 3812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3812, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 [ 80.225011][ T3812] loop0: detected capacity change from 0 to 512 [ 80.234677][ T3812] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.245490][ T3812] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.254523][ T3812] EXT4-fs (loop0): 1 truncate cleaned up close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3814 attached , child_tidptr=0x55555748e5d0) = 3814 [pid 3814] chdir("./88") = 0 [pid 3814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3814] setpgid(0, 0) = 0 [pid 3814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3814] write(3, "1000", 4) = 4 [pid 3814] close(3) = 0 [pid 3814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3814] memfd_create("syzkaller", 0) = 3 [pid 3814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3814] munmap(0x7f0a78000000, 262144) = 0 [pid 3814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3814] close(3) = 0 [pid 3814] mkdir("./file0", 0777) = 0 [pid 3814] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3814] chdir("./file0") = 0 [pid 3814] ioctl(4, LOOP_CLR_FD) = 0 [pid 3814] close(4) = 0 [pid 3814] exit_group(0) = ? [pid 3814] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3814, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 [ 80.331784][ T3814] loop0: detected capacity change from 0 to 512 [ 80.340778][ T3814] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.350990][ T3814] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.360300][ T3814] EXT4-fs (loop0): 1 truncate cleaned up umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3816 ./strace-static-x86_64: Process 3816 attached [pid 3816] chdir("./89") = 0 [pid 3816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3816] setpgid(0, 0) = 0 [pid 3816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3816] write(3, "1000", 4) = 4 [pid 3816] close(3) = 0 [pid 3816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3816] memfd_create("syzkaller", 0) = 3 [pid 3816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3816] munmap(0x7f0a78000000, 262144) = 0 [pid 3816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3816] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3816] close(3) = 0 [pid 3816] mkdir("./file0", 0777) = 0 [pid 3816] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3816] chdir("./file0") = 0 [pid 3816] ioctl(4, LOOP_CLR_FD) = 0 [pid 3816] close(4) = 0 [pid 3816] exit_group(0) = ? [pid 3816] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3816, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 80.442695][ T3816] loop0: detected capacity change from 0 to 512 [ 80.452911][ T3816] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.463279][ T3816] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.472179][ T3816] EXT4-fs (loop0): 1 truncate cleaned up umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3818 ./strace-static-x86_64: Process 3818 attached [pid 3818] chdir("./90") = 0 [pid 3818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3818] setpgid(0, 0) = 0 [pid 3818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3818] write(3, "1000", 4) = 4 [pid 3818] close(3) = 0 [pid 3818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3818] memfd_create("syzkaller", 0) = 3 [pid 3818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3818] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3818] munmap(0x7f0a78000000, 262144) = 0 [pid 3818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3818] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3818] close(3) = 0 [pid 3818] mkdir("./file0", 0777) = 0 [pid 3818] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3818] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3818] chdir("./file0") = 0 [pid 3818] ioctl(4, LOOP_CLR_FD) = 0 [pid 3818] close(4) = 0 [pid 3818] exit_group(0) = ? [pid 3818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3818, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 [ 80.565921][ T3818] loop0: detected capacity change from 0 to 512 [ 80.576493][ T3818] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.586548][ T3818] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.595278][ T3818] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3820 ./strace-static-x86_64: Process 3820 attached [pid 3820] chdir("./91") = 0 [pid 3820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3820] setpgid(0, 0) = 0 [pid 3820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3820] write(3, "1000", 4) = 4 [pid 3820] close(3) = 0 [pid 3820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3820] memfd_create("syzkaller", 0) = 3 [pid 3820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3820] munmap(0x7f0a78000000, 262144) = 0 [pid 3820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3820] close(3) = 0 [pid 3820] mkdir("./file0", 0777) = 0 [pid 3820] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3820] chdir("./file0") = 0 [pid 3820] ioctl(4, LOOP_CLR_FD) = 0 [pid 3820] close(4) = 0 [pid 3820] exit_group(0) = ? [pid 3820] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3820, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 80.661610][ T3820] loop0: detected capacity change from 0 to 512 [ 80.671075][ T3820] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.681003][ T3820] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.689846][ T3820] EXT4-fs (loop0): 1 truncate cleaned up fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3822 ./strace-static-x86_64: Process 3822 attached [pid 3822] chdir("./92") = 0 [pid 3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3822] setpgid(0, 0) = 0 [pid 3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3822] write(3, "1000", 4) = 4 [pid 3822] close(3) = 0 [pid 3822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3822] memfd_create("syzkaller", 0) = 3 [pid 3822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3822] munmap(0x7f0a78000000, 262144) = 0 [pid 3822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3822] close(3) = 0 [pid 3822] mkdir("./file0", 0777) = 0 [pid 3822] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3822] chdir("./file0") = 0 [pid 3822] ioctl(4, LOOP_CLR_FD) = 0 [pid 3822] close(4) = 0 [pid 3822] exit_group(0) = ? [pid 3822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.766247][ T3822] loop0: detected capacity change from 0 to 512 [ 80.774815][ T3822] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.786121][ T3822] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.795508][ T3822] EXT4-fs (loop0): 1 truncate cleaned up lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3824 ./strace-static-x86_64: Process 3824 attached [pid 3824] chdir("./93") = 0 [pid 3824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3824] setpgid(0, 0) = 0 [pid 3824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3824] write(3, "1000", 4) = 4 [pid 3824] close(3) = 0 [pid 3824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3824] memfd_create("syzkaller", 0) = 3 [pid 3824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3824] munmap(0x7f0a78000000, 262144) = 0 [pid 3824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3824] close(3) = 0 [pid 3824] mkdir("./file0", 0777) = 0 [pid 3824] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3824] chdir("./file0") = 0 [pid 3824] ioctl(4, LOOP_CLR_FD) = 0 [pid 3824] close(4) = 0 [pid 3824] exit_group(0) = ? [pid 3824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3824, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.887090][ T3824] loop0: detected capacity change from 0 to 512 [ 80.897544][ T3824] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 80.907951][ T3824] EXT4-fs (loop0): orphan cleanup on readonly fs [ 80.916698][ T3824] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3826 ./strace-static-x86_64: Process 3826 attached [pid 3826] chdir("./94") = 0 [pid 3826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3826] setpgid(0, 0) = 0 [pid 3826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3826] write(3, "1000", 4) = 4 [pid 3826] close(3) = 0 [pid 3826] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3826] memfd_create("syzkaller", 0) = 3 [pid 3826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3826] munmap(0x7f0a78000000, 262144) = 0 [pid 3826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3826] close(3) = 0 [pid 3826] mkdir("./file0", 0777) = 0 [pid 3826] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3826] chdir("./file0") = 0 [pid 3826] ioctl(4, LOOP_CLR_FD) = 0 [pid 3826] close(4) = 0 [pid 3826] exit_group(0) = ? [pid 3826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3826, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.993683][ T3826] loop0: detected capacity change from 0 to 512 [ 81.002256][ T3826] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.013600][ T3826] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.022462][ T3826] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3828 ./strace-static-x86_64: Process 3828 attached [pid 3828] chdir("./95") = 0 [pid 3828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3828] setpgid(0, 0) = 0 [pid 3828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3828] write(3, "1000", 4) = 4 [pid 3828] close(3) = 0 [pid 3828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3828] memfd_create("syzkaller", 0) = 3 [pid 3828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3828] munmap(0x7f0a78000000, 262144) = 0 [pid 3828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3828] close(3) = 0 [pid 3828] mkdir("./file0", 0777) = 0 [pid 3828] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3828] chdir("./file0") = 0 [pid 3828] ioctl(4, LOOP_CLR_FD) = 0 [pid 3828] close(4) = 0 [pid 3828] exit_group(0) = ? [pid 3828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3828, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 [ 81.094638][ T3828] loop0: detected capacity change from 0 to 512 [ 81.104487][ T3828] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.115029][ T3828] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.123685][ T3828] EXT4-fs (loop0): 1 truncate cleaned up getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3830 ./strace-static-x86_64: Process 3830 attached [pid 3830] chdir("./96") = 0 [pid 3830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3830] setpgid(0, 0) = 0 [pid 3830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3830] write(3, "1000", 4) = 4 [pid 3830] close(3) = 0 [pid 3830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3830] memfd_create("syzkaller", 0) = 3 [pid 3830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3830] munmap(0x7f0a78000000, 262144) = 0 [pid 3830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3830] close(3) = 0 [pid 3830] mkdir("./file0", 0777) = 0 [ 81.190710][ T3830] loop0: detected capacity change from 0 to 512 [ 81.199519][ T3830] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.210321][ T3830] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.219167][ T3830] EXT4-fs (loop0): 1 truncate cleaned up [pid 3830] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3830] chdir("./file0") = 0 [pid 3830] ioctl(4, LOOP_CLR_FD) = 0 [pid 3830] close(4) = 0 [pid 3830] exit_group(0) = ? [pid 3830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3830, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3832 ./strace-static-x86_64: Process 3832 attached [pid 3832] chdir("./97") = 0 [pid 3832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3832] setpgid(0, 0) = 0 [pid 3832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3832] write(3, "1000", 4) = 4 [pid 3832] close(3) = 0 [pid 3832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3832] memfd_create("syzkaller", 0) = 3 [pid 3832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3832] munmap(0x7f0a78000000, 262144) = 0 [pid 3832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3832] close(3) = 0 [pid 3832] mkdir("./file0", 0777) = 0 [pid 3832] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3832] chdir("./file0") = 0 [pid 3832] ioctl(4, LOOP_CLR_FD) = 0 [ 81.329183][ T3832] loop0: detected capacity change from 0 to 512 [ 81.337506][ T3832] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.347821][ T3832] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.357910][ T3832] EXT4-fs (loop0): 1 truncate cleaned up [pid 3832] close(4) = 0 [pid 3832] exit_group(0) = ? [pid 3832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3832, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3834 ./strace-static-x86_64: Process 3834 attached [pid 3834] chdir("./98") = 0 [pid 3834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3834] setpgid(0, 0) = 0 [pid 3834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3834] write(3, "1000", 4) = 4 [pid 3834] close(3) = 0 [pid 3834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3834] memfd_create("syzkaller", 0) = 3 [pid 3834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3834] munmap(0x7f0a78000000, 262144) = 0 [pid 3834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3834] close(3) = 0 [pid 3834] mkdir("./file0", 0777) = 0 [ 81.443085][ T3834] loop0: detected capacity change from 0 to 512 [ 81.453030][ T3834] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.464380][ T3834] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.473530][ T3834] EXT4-fs (loop0): 1 truncate cleaned up [pid 3834] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3834] chdir("./file0") = 0 [pid 3834] ioctl(4, LOOP_CLR_FD) = 0 [pid 3834] close(4) = 0 [pid 3834] exit_group(0) = ? [pid 3834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3834, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3836 [ 81.489100][ T150] cfg80211: failed to load regulatory.db ./strace-static-x86_64: Process 3836 attached [pid 3836] chdir("./99") = 0 [pid 3836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3836] setpgid(0, 0) = 0 [pid 3836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3836] write(3, "1000", 4) = 4 [pid 3836] close(3) = 0 [pid 3836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3836] memfd_create("syzkaller", 0) = 3 [pid 3836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3836] munmap(0x7f0a78000000, 262144) = 0 [pid 3836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3836] close(3) = 0 [pid 3836] mkdir("./file0", 0777) = 0 [pid 3836] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3836] chdir("./file0") = 0 [pid 3836] ioctl(4, LOOP_CLR_FD) = 0 [pid 3836] close(4) = 0 [pid 3836] exit_group(0) = ? [pid 3836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3836, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 [ 81.553215][ T3836] loop0: detected capacity change from 0 to 512 [ 81.563578][ T3836] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.574556][ T3836] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.584449][ T3836] EXT4-fs (loop0): 1 truncate cleaned up umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3838 ./strace-static-x86_64: Process 3838 attached [pid 3838] chdir("./100") = 0 [pid 3838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3838] setpgid(0, 0) = 0 [pid 3838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3838] write(3, "1000", 4) = 4 [pid 3838] close(3) = 0 [pid 3838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3838] memfd_create("syzkaller", 0) = 3 [pid 3838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3838] munmap(0x7f0a78000000, 262144) = 0 [pid 3838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3838] close(3) = 0 [pid 3838] mkdir("./file0", 0777) = 0 [pid 3838] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3838] chdir("./file0") = 0 [pid 3838] ioctl(4, LOOP_CLR_FD) = 0 [pid 3838] close(4) = 0 [pid 3838] exit_group(0) = ? [pid 3838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3838, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3840 attached , child_tidptr=0x55555748e5d0) = 3840 [pid 3840] chdir("./101") = 0 [pid 3840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3840] setpgid(0, 0) = 0 [pid 3840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3840] write(3, "1000", 4) = 4 [pid 3840] close(3) = 0 [pid 3840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3840] memfd_create("syzkaller", 0) = 3 [pid 3840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 81.679656][ T3838] loop0: detected capacity change from 0 to 512 [ 81.689615][ T3838] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.700355][ T3838] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.709447][ T3838] EXT4-fs (loop0): 1 truncate cleaned up [pid 3840] munmap(0x7f0a78000000, 262144) = 0 [pid 3840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3840] close(3) = 0 [pid 3840] mkdir("./file0", 0777) = 0 [pid 3840] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3840] chdir("./file0") = 0 [pid 3840] ioctl(4, LOOP_CLR_FD) = 0 [pid 3840] close(4) = 0 [pid 3840] exit_group(0) = ? [pid 3840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3840, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 81.764865][ T3840] loop0: detected capacity change from 0 to 512 [ 81.774491][ T3840] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.785341][ T3840] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.794603][ T3840] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3842 ./strace-static-x86_64: Process 3842 attached [pid 3842] chdir("./102") = 0 [pid 3842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3842] setpgid(0, 0) = 0 [pid 3842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3842] write(3, "1000", 4) = 4 [pid 3842] close(3) = 0 [pid 3842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3842] memfd_create("syzkaller", 0) = 3 [pid 3842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3842] munmap(0x7f0a78000000, 262144) = 0 [pid 3842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3842] close(3) = 0 [pid 3842] mkdir("./file0", 0777) = 0 [pid 3842] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3842] chdir("./file0") = 0 [pid 3842] ioctl(4, LOOP_CLR_FD) = 0 [pid 3842] close(4) = 0 [pid 3842] exit_group(0) = ? [pid 3842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3842, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3844 ./strace-static-x86_64: Process 3844 attached [pid 3844] chdir("./103") = 0 [ 81.856808][ T3842] loop0: detected capacity change from 0 to 512 [ 81.866891][ T3842] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.877642][ T3842] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.886174][ T3842] EXT4-fs (loop0): 1 truncate cleaned up [pid 3844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3844] setpgid(0, 0) = 0 [pid 3844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3844] write(3, "1000", 4) = 4 [pid 3844] close(3) = 0 [pid 3844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3844] memfd_create("syzkaller", 0) = 3 [pid 3844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3844] munmap(0x7f0a78000000, 262144) = 0 [pid 3844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3844] close(3) = 0 [pid 3844] mkdir("./file0", 0777) = 0 [pid 3844] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3844] chdir("./file0") = 0 [pid 3844] ioctl(4, LOOP_CLR_FD) = 0 [pid 3844] close(4) = 0 [pid 3844] exit_group(0) = ? [pid 3844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3844, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 [ 81.949592][ T3844] loop0: detected capacity change from 0 to 512 [ 81.963914][ T3844] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.973916][ T3844] EXT4-fs (loop0): orphan cleanup on readonly fs [ 81.982678][ T3844] EXT4-fs (loop0): 1 truncate cleaned up umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3846 ./strace-static-x86_64: Process 3846 attached [pid 3846] chdir("./104") = 0 [pid 3846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3846] setpgid(0, 0) = 0 [pid 3846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3846] write(3, "1000", 4) = 4 [pid 3846] close(3) = 0 [pid 3846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3846] memfd_create("syzkaller", 0) = 3 [pid 3846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3846] munmap(0x7f0a78000000, 262144) = 0 [pid 3846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3846] close(3) = 0 [pid 3846] mkdir("./file0", 0777) = 0 [pid 3846] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3846] chdir("./file0") = 0 [pid 3846] ioctl(4, LOOP_CLR_FD) = 0 [pid 3846] close(4) = 0 [pid 3846] exit_group(0) = ? [pid 3846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3846, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 82.061209][ T3846] loop0: detected capacity change from 0 to 512 [ 82.070273][ T3846] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.080356][ T3846] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.089331][ T3846] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./104/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3848 attached [pid 3848] chdir("./105") = 0 [pid 3848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3848] setpgid(0, 0) = 0 [pid 3848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3848] write(3, "1000", 4) = 4 [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3848 [pid 3848] close(3) = 0 [pid 3848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3848] memfd_create("syzkaller", 0) = 3 [pid 3848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3848] munmap(0x7f0a78000000, 262144) = 0 [pid 3848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3848] close(3) = 0 [pid 3848] mkdir("./file0", 0777) = 0 [pid 3848] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3848] chdir("./file0") = 0 [pid 3848] ioctl(4, LOOP_CLR_FD) = 0 [pid 3848] close(4) = 0 [pid 3848] exit_group(0) = ? [ 82.163670][ T3848] loop0: detected capacity change from 0 to 512 [ 82.173725][ T3848] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.193760][ T3848] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.206294][ T3848] EXT4-fs (loop0): 1 truncate cleaned up [pid 3848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3848, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3850 ./strace-static-x86_64: Process 3850 attached [pid 3850] chdir("./106") = 0 [pid 3850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3850] setpgid(0, 0) = 0 [pid 3850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3850] write(3, "1000", 4) = 4 [pid 3850] close(3) = 0 [pid 3850] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3850] memfd_create("syzkaller", 0) = 3 [pid 3850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3850] munmap(0x7f0a78000000, 262144) = 0 [pid 3850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3850] close(3) = 0 [pid 3850] mkdir("./file0", 0777) = 0 [pid 3850] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3850] chdir("./file0") = 0 [pid 3850] ioctl(4, LOOP_CLR_FD) = 0 [pid 3850] close(4) = 0 [pid 3850] exit_group(0) = ? [pid 3850] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3850, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 82.291141][ T3850] loop0: detected capacity change from 0 to 512 [ 82.301656][ T3850] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.312442][ T3850] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.321920][ T3850] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./106/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3852 attached , child_tidptr=0x55555748e5d0) = 3852 [pid 3852] chdir("./107") = 0 [pid 3852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3852] setpgid(0, 0) = 0 [pid 3852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3852] write(3, "1000", 4) = 4 [pid 3852] close(3) = 0 [pid 3852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3852] memfd_create("syzkaller", 0) = 3 [pid 3852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3852] munmap(0x7f0a78000000, 262144) = 0 [pid 3852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3852] close(3) = 0 [pid 3852] mkdir("./file0", 0777) = 0 [pid 3852] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3852] chdir("./file0") = 0 [pid 3852] ioctl(4, LOOP_CLR_FD) = 0 [pid 3852] close(4) = 0 [pid 3852] exit_group(0) = ? [pid 3852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3852, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 82.391784][ T3852] loop0: detected capacity change from 0 to 512 [ 82.400655][ T3852] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.412075][ T3852] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.420982][ T3852] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3854 ./strace-static-x86_64: Process 3854 attached [pid 3854] chdir("./108") = 0 [pid 3854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3854] setpgid(0, 0) = 0 [pid 3854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3854] write(3, "1000", 4) = 4 [pid 3854] close(3) = 0 [pid 3854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3854] memfd_create("syzkaller", 0) = 3 [pid 3854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3854] munmap(0x7f0a78000000, 262144) = 0 [pid 3854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3854] close(3) = 0 [pid 3854] mkdir("./file0", 0777) = 0 [pid 3854] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3854] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3854] chdir("./file0") = 0 [pid 3854] ioctl(4, LOOP_CLR_FD) = 0 [pid 3854] close(4) = 0 [pid 3854] exit_group(0) = ? [pid 3854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3854, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 82.485813][ T3854] loop0: detected capacity change from 0 to 512 [ 82.492307][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 82.503799][ T3854] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.514208][ T3854] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.523014][ T3854] EXT4-fs (loop0): 1 truncate cleaned up unlink("./108/binderfs") = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3856 ./strace-static-x86_64: Process 3856 attached [pid 3856] chdir("./109") = 0 [pid 3856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3856] setpgid(0, 0) = 0 [pid 3856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3856] write(3, "1000", 4) = 4 [pid 3856] close(3) = 0 [pid 3856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3856] memfd_create("syzkaller", 0) = 3 [pid 3856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3856] munmap(0x7f0a78000000, 262144) = 0 [pid 3856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3856] close(3) = 0 [pid 3856] mkdir("./file0", 0777) = 0 [pid 3856] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3856] chdir("./file0") = 0 [pid 3856] ioctl(4, LOOP_CLR_FD) = 0 [pid 3856] close(4) = 0 [pid 3856] exit_group(0) = ? [pid 3856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3856, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 82.595329][ T3856] loop0: detected capacity change from 0 to 512 [ 82.605437][ T3856] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.616091][ T3856] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.624948][ T3856] EXT4-fs (loop0): 1 truncate cleaned up fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3858 ./strace-static-x86_64: Process 3858 attached [pid 3858] chdir("./110") = 0 [pid 3858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3858] setpgid(0, 0) = 0 [pid 3858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3858] write(3, "1000", 4) = 4 [pid 3858] close(3) = 0 [pid 3858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3858] memfd_create("syzkaller", 0) = 3 [pid 3858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3858] munmap(0x7f0a78000000, 262144) = 0 [pid 3858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3858] close(3) = 0 [pid 3858] mkdir("./file0", 0777) = 0 [pid 3858] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3858] chdir("./file0") = 0 [pid 3858] ioctl(4, LOOP_CLR_FD) = 0 [pid 3858] close(4) = 0 [pid 3858] exit_group(0) = ? [pid 3858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3858, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3860 ./strace-static-x86_64: Process 3860 attached [pid 3860] chdir("./111") = 0 [pid 3860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3860] setpgid(0, 0) = 0 [ 82.694215][ T3858] loop0: detected capacity change from 0 to 512 [ 82.703043][ T3858] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.713461][ T3858] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.722079][ T3858] EXT4-fs (loop0): 1 truncate cleaned up [pid 3860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3860] write(3, "1000", 4) = 4 [pid 3860] close(3) = 0 [pid 3860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3860] memfd_create("syzkaller", 0) = 3 [pid 3860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3860] munmap(0x7f0a78000000, 262144) = 0 [pid 3860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3860] close(3) = 0 [pid 3860] mkdir("./file0", 0777) = 0 [pid 3860] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3860] chdir("./file0") = 0 [pid 3860] ioctl(4, LOOP_CLR_FD) = 0 [pid 3860] close(4) = 0 [pid 3860] exit_group(0) = ? [pid 3860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3860, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 82.783169][ T3860] loop0: detected capacity change from 0 to 512 [ 82.791971][ T3860] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.802812][ T3860] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.812300][ T3860] EXT4-fs (loop0): 1 truncate cleaned up getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3862 ./strace-static-x86_64: Process 3862 attached [pid 3862] chdir("./112") = 0 [pid 3862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3862] setpgid(0, 0) = 0 [pid 3862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3862] write(3, "1000", 4) = 4 [pid 3862] close(3) = 0 [pid 3862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3862] memfd_create("syzkaller", 0) = 3 [pid 3862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3862] munmap(0x7f0a78000000, 262144) = 0 [pid 3862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3862] close(3) = 0 [pid 3862] mkdir("./file0", 0777) = 0 [pid 3862] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3862] chdir("./file0") = 0 [pid 3862] ioctl(4, LOOP_CLR_FD) = 0 [pid 3862] close(4) = 0 [pid 3862] exit_group(0) = ? [pid 3862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3862, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 [ 82.886658][ T3862] loop0: detected capacity change from 0 to 512 [ 82.896727][ T3862] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 82.907719][ T3862] EXT4-fs (loop0): orphan cleanup on readonly fs [ 82.917068][ T3862] EXT4-fs (loop0): 1 truncate cleaned up mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3864 ./strace-static-x86_64: Process 3864 attached [pid 3864] chdir("./113") = 0 [pid 3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3864] setpgid(0, 0) = 0 [pid 3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3864] write(3, "1000", 4) = 4 [pid 3864] close(3) = 0 [pid 3864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3864] memfd_create("syzkaller", 0) = 3 [pid 3864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3864] munmap(0x7f0a78000000, 262144) = 0 [pid 3864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3864] close(3) = 0 [pid 3864] mkdir("./file0", 0777) = 0 [pid 3864] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3864] chdir("./file0") = 0 [pid 3864] ioctl(4, LOOP_CLR_FD) = 0 [pid 3864] close(4) = 0 [pid 3864] exit_group(0) = ? [pid 3864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 82.986693][ T3864] loop0: detected capacity change from 0 to 512 [ 82.995133][ T3864] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.005076][ T3864] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.013961][ T3864] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3866 ./strace-static-x86_64: Process 3866 attached [pid 3866] chdir("./114") = 0 [pid 3866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3866] setpgid(0, 0) = 0 [pid 3866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3866] write(3, "1000", 4) = 4 [pid 3866] close(3) = 0 [pid 3866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3866] memfd_create("syzkaller", 0) = 3 [pid 3866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3866] munmap(0x7f0a78000000, 262144) = 0 [pid 3866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3866] close(3) = 0 [pid 3866] mkdir("./file0", 0777) = 0 [pid 3866] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3866] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3866] chdir("./file0") = 0 [pid 3866] ioctl(4, LOOP_CLR_FD) = 0 [pid 3866] close(4) = 0 [pid 3866] exit_group(0) = ? [pid 3866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3866, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 [ 83.083691][ T3866] loop0: detected capacity change from 0 to 512 [ 83.093607][ T3866] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.104288][ T3866] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.112845][ T3866] EXT4-fs (loop0): 1 truncate cleaned up close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3868 ./strace-static-x86_64: Process 3868 attached [pid 3868] chdir("./115") = 0 [pid 3868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3868] setpgid(0, 0) = 0 [pid 3868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3868] write(3, "1000", 4) = 4 [pid 3868] close(3) = 0 [pid 3868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3868] memfd_create("syzkaller", 0) = 3 [pid 3868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3868] munmap(0x7f0a78000000, 262144) = 0 [pid 3868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3868] close(3) = 0 [pid 3868] mkdir("./file0", 0777) = 0 [pid 3868] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3868] chdir("./file0") = 0 [pid 3868] ioctl(4, LOOP_CLR_FD) = 0 [pid 3868] close(4) = 0 [pid 3868] exit_group(0) = ? [pid 3868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3868, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 [ 83.184664][ T3868] loop0: detected capacity change from 0 to 512 [ 83.194744][ T3868] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.205568][ T3868] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.214542][ T3868] EXT4-fs (loop0): 1 truncate cleaned up getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3870 ./strace-static-x86_64: Process 3870 attached [pid 3870] chdir("./116") = 0 [pid 3870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3870] setpgid(0, 0) = 0 [pid 3870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3870] write(3, "1000", 4) = 4 [pid 3870] close(3) = 0 [pid 3870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3870] memfd_create("syzkaller", 0) = 3 [pid 3870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3870] munmap(0x7f0a78000000, 262144) = 0 [pid 3870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3870] close(3) = 0 [pid 3870] mkdir("./file0", 0777) = 0 [pid 3870] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3870] chdir("./file0") = 0 [pid 3870] ioctl(4, LOOP_CLR_FD) = 0 [pid 3870] close(4) = 0 [pid 3870] exit_group(0) = ? [pid 3870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3870, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 [ 83.281406][ T3870] loop0: detected capacity change from 0 to 512 [ 83.290387][ T3870] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.301142][ T3870] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.310572][ T3870] EXT4-fs (loop0): 1 truncate cleaned up umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3872 attached [pid 3872] chdir("./117") = 0 [pid 3872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3872] setpgid(0, 0) = 0 [pid 3872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3872 [pid 3872] <... openat resumed>) = 3 [pid 3872] write(3, "1000", 4) = 4 [pid 3872] close(3) = 0 [pid 3872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3872] memfd_create("syzkaller", 0) = 3 [pid 3872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3872] munmap(0x7f0a78000000, 262144) = 0 [pid 3872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3872] close(3) = 0 [pid 3872] mkdir("./file0", 0777) = 0 [pid 3872] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3872] chdir("./file0") = 0 [pid 3872] ioctl(4, LOOP_CLR_FD) = 0 [pid 3872] close(4) = 0 [pid 3872] exit_group(0) = ? [pid 3872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 83.383066][ T3872] loop0: detected capacity change from 0 to 512 [ 83.391276][ T3872] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.401468][ T3872] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.410079][ T3872] EXT4-fs (loop0): 1 truncate cleaned up fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3874 ./strace-static-x86_64: Process 3874 attached [pid 3874] chdir("./118") = 0 [pid 3874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3874] setpgid(0, 0) = 0 [pid 3874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3874] write(3, "1000", 4) = 4 [pid 3874] close(3) = 0 [pid 3874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3874] memfd_create("syzkaller", 0) = 3 [pid 3874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3874] munmap(0x7f0a78000000, 262144) = 0 [pid 3874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3874] close(3) = 0 [pid 3874] mkdir("./file0", 0777) = 0 [pid 3874] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3874] chdir("./file0") = 0 [pid 3874] ioctl(4, LOOP_CLR_FD) = 0 [pid 3874] close(4) = 0 [pid 3874] exit_group(0) = ? [pid 3874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 [ 83.485975][ T3874] loop0: detected capacity change from 0 to 512 [ 83.495124][ T3874] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.505880][ T3874] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.515013][ T3874] EXT4-fs (loop0): 1 truncate cleaned up close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3876 ./strace-static-x86_64: Process 3876 attached [pid 3876] chdir("./119") = 0 [pid 3876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3876] setpgid(0, 0) = 0 [pid 3876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3876] write(3, "1000", 4) = 4 [pid 3876] close(3) = 0 [pid 3876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3876] memfd_create("syzkaller", 0) = 3 [pid 3876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3876] munmap(0x7f0a78000000, 262144) = 0 [pid 3876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3876] close(3) = 0 [pid 3876] mkdir("./file0", 0777) = 0 [pid 3876] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3876] chdir("./file0") = 0 [pid 3876] ioctl(4, LOOP_CLR_FD) = 0 [pid 3876] close(4) = 0 [pid 3876] exit_group(0) = ? [pid 3876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3878 ./strace-static-x86_64: Process 3878 attached [pid 3878] chdir("./120") = 0 [pid 3878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3878] setpgid(0, 0) = 0 [pid 3878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3878] write(3, "1000", 4) = 4 [pid 3878] close(3) = 0 [pid 3878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3878] memfd_create("syzkaller", 0) = 3 [pid 3878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [ 83.581646][ T3876] loop0: detected capacity change from 0 to 512 [ 83.591327][ T3876] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.601700][ T3876] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.610771][ T3876] EXT4-fs (loop0): 1 truncate cleaned up [pid 3878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3878] munmap(0x7f0a78000000, 262144) = 0 [pid 3878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3878] close(3) = 0 [pid 3878] mkdir("./file0", 0777) = 0 [pid 3878] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3878] chdir("./file0") = 0 [pid 3878] ioctl(4, LOOP_CLR_FD) = 0 [pid 3878] close(4) = 0 [pid 3878] exit_group(0) = ? [pid 3878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3880 ./strace-static-x86_64: Process 3880 attached [pid 3880] chdir("./121") = 0 [pid 3880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3880] setpgid(0, 0) = 0 [pid 3880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3880] write(3, "1000", 4) = 4 [pid 3880] close(3) = 0 [pid 3880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3880] memfd_create("syzkaller", 0) = 3 [pid 3880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [ 83.666570][ T3878] loop0: detected capacity change from 0 to 512 [ 83.675114][ T3878] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.685695][ T3878] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.694764][ T3878] EXT4-fs (loop0): 1 truncate cleaned up [pid 3880] munmap(0x7f0a78000000, 262144) = 0 [pid 3880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3880] close(3) = 0 [pid 3880] mkdir("./file0", 0777) = 0 [pid 3880] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3880] chdir("./file0") = 0 [pid 3880] ioctl(4, LOOP_CLR_FD) = 0 [pid 3880] close(4) = 0 [pid 3880] exit_group(0) = ? [pid 3880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 83.747747][ T3880] loop0: detected capacity change from 0 to 512 [ 83.751252][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 83.764730][ T3880] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.775249][ T3880] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.784558][ T3880] EXT4-fs (loop0): 1 truncate cleaned up unlink("./121/binderfs") = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3882 ./strace-static-x86_64: Process 3882 attached [pid 3882] chdir("./122") = 0 [pid 3882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3882] setpgid(0, 0) = 0 [pid 3882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3882] write(3, "1000", 4) = 4 [pid 3882] close(3) = 0 [pid 3882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3882] memfd_create("syzkaller", 0) = 3 [pid 3882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3882] munmap(0x7f0a78000000, 262144) = 0 [pid 3882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3882] close(3) = 0 [pid 3882] mkdir("./file0", 0777) = 0 [pid 3882] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3882] chdir("./file0") = 0 [pid 3882] ioctl(4, LOOP_CLR_FD) = 0 [pid 3882] close(4) = 0 [pid 3882] exit_group(0) = ? [pid 3882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3882, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3884 [ 83.865680][ T3882] loop0: detected capacity change from 0 to 512 [ 83.875649][ T3882] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.885942][ T3882] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.894819][ T3882] EXT4-fs (loop0): 1 truncate cleaned up ./strace-static-x86_64: Process 3884 attached [pid 3884] chdir("./123") = 0 [pid 3884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3884] setpgid(0, 0) = 0 [pid 3884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3884] write(3, "1000", 4) = 4 [pid 3884] close(3) = 0 [pid 3884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3884] memfd_create("syzkaller", 0) = 3 [pid 3884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3884] munmap(0x7f0a78000000, 262144) = 0 [pid 3884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3884] close(3) = 0 [pid 3884] mkdir("./file0", 0777) = 0 [pid 3884] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3884] chdir("./file0") = 0 [pid 3884] ioctl(4, LOOP_CLR_FD) = 0 [pid 3884] close(4) = 0 [pid 3884] exit_group(0) = ? [pid 3884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3884, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3886 ./strace-static-x86_64: Process 3886 attached [pid 3886] chdir("./124") = 0 [pid 3886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3886] setpgid(0, 0) = 0 [pid 3886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3886] write(3, "1000", 4) = 4 [pid 3886] close(3) = 0 [pid 3886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3886] memfd_create("syzkaller", 0) = 3 [pid 3886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [ 83.956143][ T3884] loop0: detected capacity change from 0 to 512 [ 83.964784][ T3884] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 83.975543][ T3884] EXT4-fs (loop0): orphan cleanup on readonly fs [ 83.984686][ T3884] EXT4-fs (loop0): 1 truncate cleaned up [pid 3886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3886] munmap(0x7f0a78000000, 262144) = 0 [pid 3886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3886] close(3) = 0 [pid 3886] mkdir("./file0", 0777) = 0 [pid 3886] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3886] chdir("./file0") = 0 [pid 3886] ioctl(4, LOOP_CLR_FD) = 0 [pid 3886] close(4) = 0 [pid 3886] exit_group(0) = ? [pid 3886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3886, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 84.043089][ T3886] loop0: detected capacity change from 0 to 512 [ 84.053463][ T3886] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.064016][ T3886] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.072713][ T3886] EXT4-fs (loop0): 1 truncate cleaned up umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3888 ./strace-static-x86_64: Process 3888 attached [pid 3888] chdir("./125") = 0 [pid 3888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3888] setpgid(0, 0) = 0 [pid 3888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3888] write(3, "1000", 4) = 4 [pid 3888] close(3) = 0 [pid 3888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3888] memfd_create("syzkaller", 0) = 3 [pid 3888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3888] munmap(0x7f0a78000000, 262144) = 0 [pid 3888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3888] close(3) = 0 [pid 3888] mkdir("./file0", 0777) = 0 [pid 3888] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3888] chdir("./file0") = 0 [pid 3888] ioctl(4, LOOP_CLR_FD) = 0 [pid 3888] close(4) = 0 [pid 3888] exit_group(0) = ? [pid 3888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3888, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 84.163204][ T3888] loop0: detected capacity change from 0 to 512 [ 84.173392][ T3888] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.184062][ T3888] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.192810][ T3888] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3890 ./strace-static-x86_64: Process 3890 attached [pid 3890] chdir("./126") = 0 [pid 3890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3890] setpgid(0, 0) = 0 [pid 3890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3890] write(3, "1000", 4) = 4 [pid 3890] close(3) = 0 [pid 3890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3890] memfd_create("syzkaller", 0) = 3 [pid 3890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3890] munmap(0x7f0a78000000, 262144) = 0 [pid 3890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3890] close(3) = 0 [pid 3890] mkdir("./file0", 0777) = 0 [pid 3890] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3890] chdir("./file0") = 0 [pid 3890] ioctl(4, LOOP_CLR_FD) = 0 [pid 3890] close(4) = 0 [pid 3890] exit_group(0) = ? [pid 3890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3890, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3892 ./strace-static-x86_64: Process 3892 attached [ 84.257529][ T3890] loop0: detected capacity change from 0 to 512 [ 84.266232][ T3890] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.276982][ T3890] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.286071][ T3890] EXT4-fs (loop0): 1 truncate cleaned up [pid 3892] chdir("./127") = 0 [pid 3892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3892] setpgid(0, 0) = 0 [pid 3892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3892] write(3, "1000", 4) = 4 [pid 3892] close(3) = 0 [pid 3892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3892] memfd_create("syzkaller", 0) = 3 [pid 3892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3892] munmap(0x7f0a78000000, 262144) = 0 [pid 3892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3892] close(3) = 0 [pid 3892] mkdir("./file0", 0777) = 0 [pid 3892] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3892] chdir("./file0") = 0 [pid 3892] ioctl(4, LOOP_CLR_FD) = 0 [pid 3892] close(4) = 0 [pid 3892] exit_group(0) = ? [pid 3892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3892, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 84.355484][ T3892] loop0: detected capacity change from 0 to 512 [ 84.365827][ T3892] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.375941][ T3892] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.384958][ T3892] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3894 ./strace-static-x86_64: Process 3894 attached [pid 3894] chdir("./128") = 0 [pid 3894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3894] setpgid(0, 0) = 0 [pid 3894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3894] write(3, "1000", 4) = 4 [pid 3894] close(3) = 0 [pid 3894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3894] memfd_create("syzkaller", 0) = 3 [pid 3894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3894] munmap(0x7f0a78000000, 262144) = 0 [pid 3894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3894] close(3) = 0 [pid 3894] mkdir("./file0", 0777) = 0 [pid 3894] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3894] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3894] chdir("./file0") = 0 [pid 3894] ioctl(4, LOOP_CLR_FD) = 0 [pid 3894] close(4) = 0 [pid 3894] exit_group(0) = ? [pid 3894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3894, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 84.455836][ T3894] loop0: detected capacity change from 0 to 512 [ 84.464448][ T3894] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.475225][ T3894] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.484612][ T3894] EXT4-fs (loop0): 1 truncate cleaned up clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3896 ./strace-static-x86_64: Process 3896 attached [pid 3896] chdir("./129") = 0 [pid 3896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3896] setpgid(0, 0) = 0 [pid 3896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3896] write(3, "1000", 4) = 4 [pid 3896] close(3) = 0 [pid 3896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3896] memfd_create("syzkaller", 0) = 3 [pid 3896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3896] munmap(0x7f0a78000000, 262144) = 0 [pid 3896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3896] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3896] close(3) = 0 [pid 3896] mkdir("./file0", 0777) = 0 [pid 3896] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3896] chdir("./file0") = 0 [pid 3896] ioctl(4, LOOP_CLR_FD) = 0 [pid 3896] close(4) = 0 [pid 3896] exit_group(0) = ? [pid 3896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3896, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 84.550969][ T3896] loop0: detected capacity change from 0 to 512 [ 84.559819][ T3896] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.569996][ T3896] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.579651][ T3896] EXT4-fs (loop0): 1 truncate cleaned up getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3898 ./strace-static-x86_64: Process 3898 attached [pid 3898] chdir("./130") = 0 [pid 3898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3898] setpgid(0, 0) = 0 [pid 3898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3898] write(3, "1000", 4) = 4 [pid 3898] close(3) = 0 [pid 3898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3898] memfd_create("syzkaller", 0) = 3 [pid 3898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3898] munmap(0x7f0a78000000, 262144) = 0 [pid 3898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3898] close(3) = 0 [pid 3898] mkdir("./file0", 0777) = 0 [pid 3898] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3898] chdir("./file0") = 0 [pid 3898] ioctl(4, LOOP_CLR_FD) = 0 [pid 3898] close(4) = 0 [pid 3898] exit_group(0) = ? [pid 3898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3898, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3900 ./strace-static-x86_64: Process 3900 attached [pid 3900] chdir("./131") = 0 [pid 3900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3900] setpgid(0, 0) = 0 [pid 3900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3900] write(3, "1000", 4) = 4 [pid 3900] close(3) = 0 [pid 3900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3900] memfd_create("syzkaller", 0) = 3 [pid 3900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3900] munmap(0x7f0a78000000, 262144) = 0 [pid 3900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 84.653312][ T3898] loop0: detected capacity change from 0 to 512 [ 84.661743][ T3898] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.672032][ T3898] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.680801][ T3898] EXT4-fs (loop0): 1 truncate cleaned up [pid 3900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3900] close(3) = 0 [pid 3900] mkdir("./file0", 0777) = 0 [pid 3900] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3900] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3900] chdir("./file0") = 0 [pid 3900] ioctl(4, LOOP_CLR_FD) = 0 [pid 3900] close(4) = 0 [pid 3900] exit_group(0) = ? [pid 3900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3900, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 [ 84.731626][ T3900] loop0: detected capacity change from 0 to 512 [ 84.740967][ T3900] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.751806][ T3900] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.760592][ T3900] EXT4-fs (loop0): 1 truncate cleaned up umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3902 attached , child_tidptr=0x55555748e5d0) = 3902 [pid 3902] chdir("./132") = 0 [pid 3902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3902] setpgid(0, 0) = 0 [pid 3902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3902] write(3, "1000", 4) = 4 [pid 3902] close(3) = 0 [pid 3902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3902] memfd_create("syzkaller", 0) = 3 [pid 3902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3902] munmap(0x7f0a78000000, 262144) = 0 [pid 3902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3902] close(3) = 0 [pid 3902] mkdir("./file0", 0777) = 0 [pid 3902] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3902] chdir("./file0") = 0 [pid 3902] ioctl(4, LOOP_CLR_FD) = 0 [pid 3902] close(4) = 0 [pid 3902] exit_group(0) = ? [pid 3902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3902, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3904 ./strace-static-x86_64: Process 3904 attached [pid 3904] chdir("./133") = 0 [pid 3904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3904] setpgid(0, 0) = 0 [pid 3904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 84.839163][ T3902] loop0: detected capacity change from 0 to 512 [ 84.848258][ T3902] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.858474][ T3902] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.867415][ T3902] EXT4-fs (loop0): 1 truncate cleaned up [pid 3904] write(3, "1000", 4) = 4 [pid 3904] close(3) = 0 [pid 3904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3904] memfd_create("syzkaller", 0) = 3 [pid 3904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3904] munmap(0x7f0a78000000, 262144) = 0 [pid 3904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3904] close(3) = 0 [pid 3904] mkdir("./file0", 0777) = 0 [pid 3904] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3904] chdir("./file0") = 0 [pid 3904] ioctl(4, LOOP_CLR_FD) = 0 [pid 3904] close(4) = 0 [pid 3904] exit_group(0) = ? [pid 3904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3904, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 84.931927][ T3904] loop0: detected capacity change from 0 to 512 [ 84.942467][ T3904] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 84.952777][ T3904] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.962351][ T3904] EXT4-fs (loop0): 1 truncate cleaned up umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3906 ./strace-static-x86_64: Process 3906 attached [pid 3906] chdir("./134") = 0 [pid 3906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3906] setpgid(0, 0) = 0 [pid 3906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3906] write(3, "1000", 4) = 4 [pid 3906] close(3) = 0 [pid 3906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3906] memfd_create("syzkaller", 0) = 3 [pid 3906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3906] munmap(0x7f0a78000000, 262144) = 0 [pid 3906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3906] close(3) = 0 [pid 3906] mkdir("./file0", 0777) = 0 [pid 3906] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3906] chdir("./file0") = 0 [pid 3906] ioctl(4, LOOP_CLR_FD) = 0 [pid 3906] close(4) = 0 [pid 3906] exit_group(0) = ? [pid 3906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3906, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3908 ./strace-static-x86_64: Process 3908 attached [pid 3908] chdir("./135") = 0 [pid 3908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3908] setpgid(0, 0) = 0 [pid 3908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3908] write(3, "1000", 4) = 4 [pid 3908] close(3) = 0 [ 85.052953][ T3906] loop0: detected capacity change from 0 to 512 [ 85.062504][ T3906] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.072775][ T3906] EXT4-fs (loop0): orphan cleanup on readonly fs [ 85.082034][ T3906] EXT4-fs (loop0): 1 truncate cleaned up [pid 3908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3908] memfd_create("syzkaller", 0) = 3 [pid 3908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3908] munmap(0x7f0a78000000, 262144) = 0 [pid 3908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3908] close(3) = 0 [pid 3908] mkdir("./file0", 0777) = 0 [pid 3908] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3908] chdir("./file0") = 0 [pid 3908] ioctl(4, LOOP_CLR_FD) = 0 [pid 3908] close(4) = 0 [pid 3908] exit_group(0) = ? [pid 3908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3908, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 [ 85.139560][ T3908] loop0: detected capacity change from 0 to 512 [ 85.140779][ T3636] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 85.157004][ T3908] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.167661][ T3908] EXT4-fs (loop0): orphan cleanup on readonly fs [ 85.180666][ T3908] EXT4-fs (loop0): 1 truncate cleaned up rmdir("./135/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3910 ./strace-static-x86_64: Process 3910 attached [pid 3910] chdir("./136") = 0 [pid 3910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3910] setpgid(0, 0) = 0 [pid 3910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3910] write(3, "1000", 4) = 4 [pid 3910] close(3) = 0 [pid 3910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3910] memfd_create("syzkaller", 0) = 3 [pid 3910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3910] munmap(0x7f0a78000000, 262144) = 0 [pid 3910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3910] close(3) = 0 [pid 3910] mkdir("./file0", 0777) = 0 [pid 3910] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3910] chdir("./file0") = 0 [pid 3910] ioctl(4, LOOP_CLR_FD) = 0 [pid 3910] close(4) = 0 [pid 3910] exit_group(0) = ? [pid 3910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3910, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3912 ./strace-static-x86_64: Process 3912 attached [pid 3912] chdir("./137") = 0 [pid 3912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3912] setpgid(0, 0) = 0 [pid 3912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3912] write(3, "1000", 4) = 4 [pid 3912] close(3) = 0 [pid 3912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3912] memfd_create("syzkaller", 0) = 3 [pid 3912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3912] munmap(0x7f0a78000000, 262144) = 0 [pid 3912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 85.240771][ T3910] loop0: detected capacity change from 0 to 512 [ 85.249490][ T3910] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.260040][ T3910] EXT4-fs (loop0): orphan cleanup on readonly fs [ 85.269169][ T3910] EXT4-fs (loop0): 1 truncate cleaned up [pid 3912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3912] close(3) = 0 [pid 3912] mkdir("./file0", 0777) = 0 [pid 3912] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3912] chdir("./file0") = 0 [pid 3912] ioctl(4, LOOP_CLR_FD) = 0 [pid 3912] close(4) = 0 [pid 3912] exit_group(0) = ? [pid 3912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3912, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 [ 85.319866][ T3912] loop0: detected capacity change from 0 to 512 [ 85.328403][ T3912] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.339889][ T3912] EXT4-fs (loop0): orphan cleanup on readonly fs [ 85.349616][ T3912] EXT4-fs (loop0): 1 truncate cleaned up umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3914 ./strace-static-x86_64: Process 3914 attached [pid 3914] chdir("./138") = 0 [pid 3914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3914] setpgid(0, 0) = 0 [pid 3914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3914] write(3, "1000", 4) = 4 [pid 3914] close(3) = 0 [pid 3914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3914] memfd_create("syzkaller", 0) = 3 [pid 3914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3914] munmap(0x7f0a78000000, 262144) = 0 [pid 3914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3914] close(3) = 0 [pid 3914] mkdir("./file0", 0777) = 0 [pid 3914] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3914] chdir("./file0") = 0 [pid 3914] ioctl(4, LOOP_CLR_FD) = 0 [pid 3914] close(4) = 0 [pid 3914] exit_group(0) = ? [pid 3914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3914, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 85.436595][ T3914] loop0: detected capacity change from 0 to 512 [ 85.445143][ T3914] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.455820][ T3914] EXT4-fs (loop0): orphan cleanup on readonly fs [ 85.464702][ T3914] EXT4-fs (loop0): 1 truncate cleaned up umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3916 attached [pid 3916] chdir("./139" [pid 3634] <... clone resumed>, child_tidptr=0x55555748e5d0) = 3916 [pid 3916] <... chdir resumed>) = 0 [pid 3916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3916] setpgid(0, 0) = 0 [pid 3916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3916] write(3, "1000", 4) = 4 [pid 3916] close(3) = 0 [pid 3916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3916] memfd_create("syzkaller", 0) = 3 [pid 3916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3916] munmap(0x7f0a78000000, 262144) = 0 [pid 3916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3916] close(3) = 0 [pid 3916] mkdir("./file0", 0777) = 0 [pid 3916] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3916] chdir("./file0") = 0 [pid 3916] ioctl(4, LOOP_CLR_FD) = 0 [pid 3916] close(4) = 0 [pid 3916] exit_group(0) = ? [pid 3916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3916, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./139/binderfs") = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 [ 85.536019][ T3916] loop0: detected capacity change from 0 to 512 [ 85.545378][ T3916] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.556231][ T3916] EXT4-fs (loop0): orphan cleanup on readonly fs [ 85.565111][ T3916] EXT4-fs (loop0): 1 truncate cleaned up openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555748e5d0) = 3918 ./strace-static-x86_64: Process 3918 attached [pid 3918] chdir("./140") = 0 [pid 3918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3918] setpgid(0, 0) = 0 [pid 3918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3918] write(3, "1000", 4) = 4 [pid 3918] close(3) = 0 [pid 3918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3918] memfd_create("syzkaller", 0) = 3 [pid 3918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3918] munmap(0x7f0a78000000, 262144) = 0 [pid 3918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3918] close(3) = 0 [pid 3918] mkdir("./file0", 0777) = 0 [pid 3918] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_MANDLOCK, "nojournal_checksum,nodelalloc,grpjquota=,barrier=0x0000000080000000,data_err=abort,abort,discard,jqf"...) = 0 [pid 3918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3918] chdir("./file0") = 0 [pid 3918] ioctl(4, LOOP_CLR_FD) = 0 [pid 3918] close(4) = 0 [pid 3918] exit_group(0) = ? [pid 3918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3918, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x55555748f620 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 85.631003][ T3918] loop0: detected capacity change from 0 to 512 [ 85.639736][ T3918] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 85.650840][ T3918] EXT4-fs (loop0): orphan cleanup on readonly fs [ 85.660165][ T3918] EXT4-fs (loop0): 1 truncate cleaned up umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555557497660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557497660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x55555748f620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3920 attached , child_tidptr=0x55555748e5d0) = 3920 [pid 3920] chdir("./141") = 0 [pid 3920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3920] setpgid(0, 0) = 0 [pid 3920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3920] write(3, "1000", 4) = 4 [pid 3920] close(3) = 0 [pid 3920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3920] memfd_create("syzkaller", 0) = 3 [pid 3920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0a78000000 [pid 3920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 3920] munmap(0x7f0a78000000, 262144) = 0 [pid 3920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3920] close(3) = 0 [pid 3920] mkdir("./file0", 0777) = 0