./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1712114380 <...> Warning: Permanently added '10.128.0.226' (ED25519) to the list of known hosts. execve("./syz-executor1712114380", ["./syz-executor1712114380"], 0x7ffc8ed12f80 /* 10 vars */) = 0 brk(NULL) = 0x555586eca000 brk(0x555586ecad40) = 0x555586ecad40 arch_prctl(ARCH_SET_FS, 0x555586eca3c0) = 0 set_tid_address(0x555586eca690) = 293 set_robust_list(0x555586eca6a0, 24) = 0 rseq(0x555586ecace0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1712114380", 4096) = 28 getrandom("\x20\xd5\xc5\x5e\x57\x2c\x49\x85", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555586ecad40 brk(0x555586eebd40) = 0x555586eebd40 brk(0x555586eec000) = 0x555586eec000 mprotect(0x7f55ebb38000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.Iyawc4", 0700) = 0 chmod("./syzkaller.Iyawc4", 0777) = 0 chdir("./syzkaller.Iyawc4") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 295 ./strace-static-x86_64: Process 295 attached executing program [pid 295] set_robust_list(0x555586eca6a0, 24) = 0 [pid 295] chdir("./0") = 0 [pid 295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] setpgid(0, 0) = 0 [pid 295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 295] write(3, "1000", 4) = 4 [pid 295] close(3) = 0 [pid 295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 295] write(1, "executing program\n", 18) = 18 [pid 295] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 295] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[296]}, 88) = 296 [pid 295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] memfd_create("syzkaller", 0) = 3 [pid 296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 296] munmap(0x7f55e3653000, 138412032) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 296] close(3) = 0 [ 21.737096][ T30] audit: type=1400 audit(1730115874.401:66): avc: denied { execmem } for pid=293 comm="syz-executor171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.756661][ T30] audit: type=1400 audit(1730115874.401:67): avc: denied { read write } for pid=293 comm="syz-executor171" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.773518][ T296] loop0: detected capacity change from 0 to 1024 [pid 296] close(4) = 0 [pid 296] mkdir("./file1", 0777) = 0 [ 21.782828][ T30] audit: type=1400 audit(1730115874.401:68): avc: denied { open } for pid=293 comm="syz-executor171" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.810977][ T30] audit: type=1400 audit(1730115874.401:69): avc: denied { ioctl } for pid=293 comm="syz-executor171" path="/dev/loop0" dev="devtmpfs" ino=112 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.818361][ T296] EXT4-fs (loop0): Ignoring removed orlov option [ 21.836569][ T30] audit: type=1400 audit(1730115874.451:70): avc: denied { mounton } for pid=295 comm="syz-executor171" path="/root/syzkaller.Iyawc4/0/file1" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.842861][ T296] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 296] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 296] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 296] chdir("./file1") = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 296] ioctl(4, LOOP_CLR_FD) = 0 [pid 296] close(4) = 0 [pid 296] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 1 [pid 296] chdir("./file0") = 0 [pid 296] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 1 [pid 296] creat("./bus", 000) = 4 [pid 296] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 1 [pid 296] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 296] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 1 [pid 296] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 296] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 1 [pid 296] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 296] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 295] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... futex resumed>) = 1 [pid 296] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 296] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... futex resumed>) = 0 [pid 295] exit_group(0) = ? [pid 296] <... futex resumed>) = ? [pid 296] +++ exited with 0 +++ [pid 295] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=295, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/lost+found") = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./0/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file0") = 0 umount2("./0/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/file1") = 0 [ 21.879812][ T296] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 21.902875][ T30] audit: type=1400 audit(1730115874.571:71): avc: denied { mount } for pid=295 comm="syz-executor171" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./0/file1/file0") = 0 umount2("./0/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file1") = 0 umount2("./0/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file2") = 0 umount2("./0/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file3") = 0 umount2("./0/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = -1 EBUSY (Device or resource busy) [ 21.927951][ T30] audit: type=1400 audit(1730115874.571:72): avc: denied { write } for pid=295 comm="syz-executor171" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 21.950500][ T30] audit: type=1400 audit(1730115874.571:73): avc: denied { add_name } for pid=295 comm="syz-executor171" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555586eca6a0, 24) = 0 [pid 301] chdir("./1") = 0 [pid 301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] setpgid(0, 0) = 0 [pid 301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] write(3, "1000", 4) = 4 [pid 301] close(3) = 0 [pid 301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] write(1, "executing program\n", 18executing program ) = 18 [pid 301] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 301] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[302]}, 88) = 302 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] memfd_create("syzkaller", 0) = 3 [pid 302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 302] munmap(0x7f55e3653000, 138412032) = 0 [pid 302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 21.971474][ T30] audit: type=1400 audit(1730115874.571:74): avc: denied { create } for pid=295 comm="syz-executor171" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 21.991602][ T30] audit: type=1400 audit(1730115874.571:75): avc: denied { write open } for pid=295 comm="syz-executor171" path="/root/syzkaller.Iyawc4/0/file1/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 302] close(3) = 0 [pid 302] close(4) = 0 [pid 302] mkdir("./file1", 0777) = 0 [ 22.042193][ T302] loop0: detected capacity change from 0 to 1024 [ 22.128382][ T302] EXT4-fs (loop0): Ignoring removed orlov option [ 22.134619][ T302] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 302] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 302] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 302] chdir("./file1") = 0 [pid 302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 302] ioctl(4, LOOP_CLR_FD) = 0 [pid 302] close(4) = 0 [pid 302] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] chdir("./file0") = 0 [pid 302] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] creat("./bus", 000) = 4 [pid 302] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 302] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] <... open resumed>) = 5 [pid 302] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 302] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 301] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 302] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 302] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 301] <... futex resumed>) = 0 [pid 302] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] exit_group(0) = ? [pid 302] <... futex resumed>) = ? [pid 302] +++ exited with 0 +++ [pid 301] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=301, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file1/lost+found") = 0 umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./1/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/file0") = 0 umount2("./1/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/file1") = 0 umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./1/file1/file0") = 0 umount2("./1/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file1") = 0 umount2("./1/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file2") = 0 umount2("./1/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file3") = 0 umount2("./1/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = -1 EBUSY (Device or resource busy) [ 22.159142][ T302] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555586eca690) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555586eca6a0, 24) = 0 [pid 306] chdir("./2") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 306] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[307]}, 88) = 307 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] memfd_create("syzkaller", 0) = 3 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 307] munmap(0x7f55e3653000, 138412032) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 307] close(3) = 0 [pid 307] close(4) = 0 [pid 307] mkdir("./file1", 0777) = 0 [ 22.327661][ T307] loop0: detected capacity change from 0 to 1024 [ 22.336399][ T307] EXT4-fs (loop0): Ignoring removed orlov option [ 22.342689][ T307] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 307] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 307] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 307] chdir("./file1") = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_CLR_FD) = 0 [pid 307] close(4) = 0 [pid 307] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] chdir("./file0") = 0 [pid 307] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] creat("./bus", 000) = 4 [pid 307] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 307] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 307] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 307] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 307] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 306] exit_group(0) = ? [pid 307] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/file1/lost+found") = 0 umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./2/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/file0") = 0 umount2("./2/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/file1") = 0 umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./2/file1/file0") = 0 umount2("./2/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file1") = 0 umount2("./2/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file2") = 0 umount2("./2/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file3") = 0 umount2("./2/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = -1 EBUSY (Device or resource busy) [ 22.359315][ T307] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 310 ./strace-static-x86_64: Process 310 attached [pid 310] set_robust_list(0x555586eca6a0, 24) = 0 [pid 310] chdir("./3") = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 310] setpgid(0, 0) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 310] write(3, "1000", 4) = 4 [pid 310] close(3) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs") = 0 [pid 310] write(1, "executing program\n", 18executing program ) = 18 [pid 310] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 310] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 310] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 310] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 310] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 310] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] <... clone3 resumed> => {parent_tid=[311]}, 88) = 311 [pid 311] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] <... futex resumed>) = 0 [pid 311] memfd_create("syzkaller", 0) = 3 [pid 310] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 311] munmap(0x7f55e3653000, 138412032) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 311] close(3) = 0 [pid 311] close(4) = 0 [pid 311] mkdir("./file1", 0777) = 0 [ 22.477759][ T311] loop0: detected capacity change from 0 to 1024 [pid 311] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 311] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 311] chdir("./file1") = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_CLR_FD) = 0 [pid 311] close(4) = 0 [pid 311] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 311] <... futex resumed>) = 0 [pid 310] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] chdir("./file0") = 0 [pid 311] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] creat("./bus", 000 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... creat resumed>) = 4 [pid 311] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 311] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 311] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 311] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 311] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] <... futex resumed>) = 0 [pid 310] exit_group(0) = ? [pid 311] +++ exited with 0 +++ [pid 310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./3/file1/lost+found") = 0 umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 [ 22.558397][ T311] EXT4-fs (loop0): Ignoring removed orlov option [ 22.564578][ T311] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 22.579049][ T311] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./3/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/file0") = 0 umount2("./3/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/file1") = 0 umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 [ 22.628369][ T293] ================================================================== [ 22.636253][ T293] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 22.644056][ T293] Read of size 4 at addr ffff88810d3c8000 by task syz-executor171/293 [ 22.652042][ T293] [ 22.654212][ T293] CPU: 0 PID: 293 Comm: syz-executor171 Not tainted 5.15.167-syzkaller-android13-5.15.167_r00 #0 [ 22.664540][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 22.674439][ T293] Call Trace: [ 22.677568][ T293] [ 22.680341][ T293] dump_stack_lvl+0x151/0x1c0 [ 22.684854][ T293] ? io_uring_drop_tctx_refs+0x190/0x190 [ 22.690318][ T293] ? panic+0x760/0x760 [ 22.694226][ T293] print_address_description+0x87/0x3b0 [ 22.699611][ T293] kasan_report+0x179/0x1c0 [ 22.703956][ T293] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 22.709548][ T293] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 22.714992][ T293] __asan_report_load4_noabort+0x14/0x20 [ 22.720453][ T293] ext4_xattr_delete_inode+0xcd0/0xce0 [ 22.725754][ T293] ? sb_end_intwrite+0x120/0x120 [ 22.730520][ T293] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 22.736422][ T293] ? ext4_journal_check_start+0x16c/0x230 [ 22.741988][ T293] ? __kasan_check_read+0x11/0x20 [ 22.746836][ T293] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 22.752576][ T293] ? ext4_evict_inode+0xb8d/0x14e0 [ 22.757525][ T293] ext4_evict_inode+0xea1/0x14e0 [ 22.762286][ T293] ? _raw_spin_unlock+0x4d/0x70 [ 22.766983][ T293] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 22.772709][ T293] ? _raw_spin_unlock+0x4d/0x70 [ 22.777395][ T293] ? inode_io_list_del+0x18b/0x1a0 [ 22.782333][ T293] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 22.788061][ T293] evict+0x529/0x930 [ 22.791794][ T293] ? _raw_spin_unlock+0x4d/0x70 [ 22.796481][ T293] ? mode_strip_sgid+0x220/0x220 [ 22.801256][ T293] ? __kasan_check_write+0x14/0x20 [ 22.806203][ T293] ? __kasan_check_write+0x14/0x20 [ 22.811155][ T293] ? ext4_drop_inode+0x90/0x1a0 [ 22.815836][ T293] iput+0x63b/0x7e0 [ 22.819483][ T293] vfs_rmdir+0x359/0x470 [ 22.823563][ T293] do_rmdir+0x3ab/0x630 [ 22.827554][ T293] ? d_delete_notify+0x160/0x160 [ 22.832327][ T293] ? strncpy_from_user+0x18e/0x2d0 [ 22.837275][ T293] ? getname_flags+0x1fd/0x520 [ 22.841873][ T293] __x64_sys_rmdir+0x49/0x50 [ 22.846301][ T293] x64_sys_call+0x274/0x9a0 [ 22.850638][ T293] do_syscall_64+0x3b/0xb0 [ 22.854892][ T293] ? clear_bhb_loop+0x35/0x90 [ 22.859408][ T293] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 22.865138][ T293] RIP: 0033:0x7f55ebab6737 [ 22.869420][ T293] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 22.888832][ T293] RSP: 002b:00007ffe94503398 EFLAGS: 00000207 ORIG_RAX: 0000000000000054 [ 22.897074][ T293] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f55ebab6737 [ 22.904891][ T293] RDX: 0000000000008850 RSI: 0000000000000000 RDI: 00007ffe94504540 [ 22.912697][ T293] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000 [ 22.920509][ T293] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe94504540 [ 22.928324][ T293] R13: 0000555586edb780 R14: 431bde82d7b634db R15: 00007ffe94506694 [ 22.936134][ T293] [ 22.939000][ T293] [ 22.941166][ T293] Allocated by task 20: [ 22.945160][ T293] __kasan_slab_alloc+0xb1/0xe0 [ 22.949843][ T293] slab_post_alloc_hook+0x53/0x2c0 [ 22.954791][ T293] kmem_cache_alloc_bulk+0x29e/0x360 [ 22.959915][ T293] napi_skb_cache_get+0x11f/0x1f0 [ 22.964774][ T293] __alloc_skb+0xd5/0x550 [ 22.968939][ T293] __napi_alloc_skb+0x167/0x2e0 [ 22.973626][ T293] page_to_skb+0x2a5/0xb40 [ 22.977878][ T293] receive_buf+0xed6/0x57d0 [ 22.982219][ T293] virtnet_poll+0x615/0x1250 [ 22.986650][ T293] __napi_poll+0xc4/0x5a0 [ 22.990811][ T293] net_rx_action+0x47d/0xc50 [ 22.995237][ T293] handle_softirqs+0x25e/0x5c0 [ 22.999840][ T293] __irq_exit_rcu+0x52/0xf0 [ 23.004182][ T293] irq_exit_rcu+0x9/0x10 [ 23.008259][ T293] common_interrupt+0xb4/0xd0 [ 23.012770][ T293] asm_common_interrupt+0x27/0x40 [ 23.017631][ T293] [ 23.019800][ T293] Freed by task 20: [ 23.023446][ T293] kasan_set_track+0x4b/0x70 [ 23.027872][ T293] kasan_set_free_info+0x23/0x40 [ 23.032645][ T293] ____kasan_slab_free+0x126/0x160 [ 23.037591][ T293] __kasan_slab_free+0x11/0x20 [ 23.042192][ T293] slab_free_freelist_hook+0xbd/0x190 [ 23.047526][ T293] kmem_cache_free+0x116/0x2e0 [ 23.052242][ T293] kfree_skbmem+0x104/0x170 [ 23.056572][ T293] __kfree_skb+0x58/0x70 [ 23.060650][ T293] tcp_rcv_established+0xcde/0x1ac0 [ 23.065692][ T293] tcp_v4_do_rcv+0x3d7/0xa00 [ 23.070113][ T293] tcp_v4_rcv+0x23dd/0x2a70 [ 23.074549][ T293] ip_protocol_deliver_rcu+0x32f/0x710 [ 23.079847][ T293] ip_local_deliver+0x2c6/0x590 [ 23.084528][ T293] ip_sublist_rcv+0x7e2/0x980 [ 23.089043][ T293] ip_list_rcv+0x422/0x470 [ 23.093295][ T293] __netif_receive_skb_list_core+0x6b1/0x890 [ 23.099121][ T293] netif_receive_skb_list_internal+0x967/0xcc0 [ 23.105099][ T293] napi_complete_done+0x344/0x770 [ 23.109958][ T293] virtnet_poll+0xbd0/0x1250 [ 23.114391][ T293] __napi_poll+0xc4/0x5a0 [ 23.118552][ T293] net_rx_action+0x47d/0xc50 [ 23.122978][ T293] handle_softirqs+0x25e/0x5c0 [ 23.127577][ T293] __irq_exit_rcu+0x52/0xf0 [ 23.131919][ T293] irq_exit_rcu+0x9/0x10 [ 23.135999][ T293] common_interrupt+0xb4/0xd0 [ 23.140513][ T293] asm_common_interrupt+0x27/0x40 [ 23.145397][ T293] [ 23.147541][ T293] The buggy address belongs to the object at ffff88810d3c8000 [ 23.147541][ T293] which belongs to the cache skbuff_head_cache of size 248 [ 23.161949][ T293] The buggy address is located 0 bytes inside of [ 23.161949][ T293] 248-byte region [ffff88810d3c8000, ffff88810d3c80f8) [ 23.174885][ T293] The buggy address belongs to the page: [ 23.180376][ T293] page:ffffea000434f200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d3c8 [ 23.190419][ T293] flags: 0x4000000000000200(slab|zone=1) [ 23.196069][ T293] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881081b3c80 [ 23.204483][ T293] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 23.212908][ T293] page dumped because: kasan: bad access detected [ 23.219160][ T293] page_owner tracks the page as allocated [ 23.224702][ T293] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 90, ts 4015433908, free_ts 4012655706 [ 23.240237][ T293] post_alloc_hook+0x1a3/0x1b0 [ 23.244835][ T293] prep_new_page+0x1b/0x110 [ 23.249174][ T293] get_page_from_freelist+0x3550/0x35d0 [ 23.254569][ T293] __alloc_pages+0x27e/0x8f0 [ 23.258986][ T293] new_slab+0x9a/0x4e0 [ 23.262890][ T293] ___slab_alloc+0x39e/0x830 [ 23.267317][ T293] __slab_alloc+0x4a/0x90 [ 23.271919][ T293] kmem_cache_alloc+0x134/0x200 [ 23.276609][ T293] __alloc_skb+0xbe/0x550 [ 23.280931][ T293] alloc_skb_with_frags+0xa6/0x680 [ 23.285863][ T293] sock_alloc_send_pskb+0x915/0xa50 [ 23.290897][ T293] unix_dgram_sendmsg+0x6fd/0x2090 [ 23.295841][ T293] __sys_sendto+0x564/0x720 [ 23.300200][ T293] __x64_sys_sendto+0xe5/0x100 [ 23.304781][ T293] x64_sys_call+0x15c/0x9a0 [ 23.309121][ T293] do_syscall_64+0x3b/0xb0 [ 23.313374][ T293] page last free stack trace: [ 23.317887][ T293] free_unref_page_prepare+0x7c8/0x7d0 [ 23.323189][ T293] free_unref_page+0xe8/0x750 [ 23.327693][ T293] __free_pages+0x61/0xf0 [ 23.331862][ T293] __vunmap+0x7bc/0x8f0 [ 23.335854][ T293] free_work+0x5b/0x80 [ 23.339758][ T293] process_one_work+0x6bb/0xc10 [ 23.344447][ T293] worker_thread+0xad5/0x12a0 [ 23.348959][ T293] kthread+0x421/0x510 [ 23.352865][ T293] ret_from_fork+0x1f/0x30 [ 23.357130][ T293] [ 23.359301][ T293] Memory state around the buggy address: [ 23.364759][ T293] ffff88810d3c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.372745][ T293] ffff88810d3c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 rmdir("./3/file1/file0") = 0 umount2("./3/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file1") = 0 umount2("./3/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file2") = 0 umount2("./3/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file3") = 0 umount2("./3/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = -1 EBUSY (Device or resource busy) [ 23.380657][ T293] >ffff88810d3c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.388542][ T293] ^ [ 23.392447][ T293] ffff88810d3c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc [ 23.400346][ T293] ffff88810d3c8100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 23.408247][ T293] ================================================================== [ 23.416138][ T293] Disabling lock debugging due to kernel taint umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x555586eca6a0, 24) = 0 [pid 315] chdir("./4") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18executing program ) = 18 [pid 315] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 315] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[316]}, 88) = 316 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] memfd_create("syzkaller", 0) = 3 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 316] munmap(0x7f55e3653000, 138412032) = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 316] close(3) = 0 [pid 316] close(4) = 0 [pid 316] mkdir("./file1", 0777) = 0 [ 23.541871][ T316] loop0: detected capacity change from 0 to 1024 [pid 316] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 316] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 316] chdir("./file1") = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 316] ioctl(4, LOOP_CLR_FD) = 0 [pid 316] close(4) = 0 [pid 316] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] chdir("./file0") = 0 [pid 316] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] creat("./bus", 000) = 4 [pid 316] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 316] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 316] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] <... futex resumed>) = 1 [pid 316] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 316] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 316] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 316] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 315] <... futex resumed>) = 0 [pid 315] exit_group(0) = ? [pid 316] +++ exited with 0 +++ [pid 315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/file1/lost+found") = 0 umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./4/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/file0") = 0 umount2("./4/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/file1") = 0 umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./4/file1/file0") = 0 umount2("./4/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file1") = 0 umount2("./4/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file2") = 0 umount2("./4/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file3") = 0 umount2("./4/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = -1 EBUSY (Device or resource busy) [ 23.628443][ T316] EXT4-fs (loop0): Ignoring removed orlov option [ 23.634619][ T316] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 23.649216][ T316] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 319 ./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x555586eca6a0, 24) = 0 [pid 319] chdir("./5") = 0 [pid 319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 319] setpgid(0, 0) = 0 [pid 319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 319] write(3, "1000", 4) = 4 [pid 319] close(3) = 0 [pid 319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 319] write(1, "executing program\n", 18) = 18 [pid 319] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 319] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[320]}, 88) = 320 [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] memfd_create("syzkaller", 0) = 3 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 320] munmap(0x7f55e3653000, 138412032) = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 320] close(3) = 0 [pid 320] close(4) = 0 [pid 320] mkdir("./file1", 0777) = 0 [ 23.809730][ T320] loop0: detected capacity change from 0 to 1024 [pid 320] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 320] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 320] chdir("./file1") = 0 [pid 320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 320] ioctl(4, LOOP_CLR_FD) = 0 [pid 320] close(4) = 0 [pid 320] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] chdir("./file0") = 0 [pid 320] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] creat("./bus", 000) = 4 [pid 320] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 320] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 320] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 320] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 320] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 319] <... futex resumed>) = 0 [pid 319] exit_group(0) = ? [pid 320] +++ exited with 0 +++ [pid 319] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=319, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/file1/lost+found") = 0 umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./5/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/file0") = 0 umount2("./5/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/file1") = 0 umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./5/file1/file0") = 0 umount2("./5/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file1") = 0 umount2("./5/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file2") = 0 umount2("./5/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file3") = 0 umount2("./5/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = -1 EBUSY (Device or resource busy) [ 23.908316][ T320] EXT4-fs (loop0): Ignoring removed orlov option [ 23.914507][ T320] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 23.929013][ T320] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 323 ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x555586eca6a0, 24) = 0 [pid 323] chdir("./6") = 0 [pid 323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 323] setpgid(0, 0) = 0 [pid 323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 323] write(3, "1000", 4) = 4 [pid 323] close(3) = 0 [pid 323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 323] write(1, "executing program\n", 18) = 18 [pid 323] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 323] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 323] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[324]}, 88) = 324 [pid 323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 323] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 323] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 324] memfd_create("syzkaller", 0) = 3 [pid 324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 324] munmap(0x7f55e3653000, 138412032) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 324] close(3) = 0 [pid 324] close(4) = 0 [pid 324] mkdir("./file1", 0777) = 0 [ 24.010751][ T324] loop0: detected capacity change from 0 to 1024 [pid 324] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 324] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 324] chdir("./file1") = 0 [pid 324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 324] ioctl(4, LOOP_CLR_FD) = 0 [pid 324] close(4) = 0 [pid 324] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 324] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 323] <... futex resumed>) = 0 [pid 323] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 323] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 324] <... futex resumed>) = 0 [pid 324] chdir("./file0") = 0 [pid 324] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... futex resumed>) = 0 [pid 323] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 323] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 324] <... futex resumed>) = 1 [pid 324] creat("./bus", 000) = 4 [pid 324] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... futex resumed>) = 0 [pid 323] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 323] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 324] <... futex resumed>) = 1 [pid 324] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 324] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 323] <... futex resumed>) = 0 [pid 324] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 323] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 323] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 324] <... futex resumed>) = 0 [pid 324] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 324] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... futex resumed>) = 0 [pid 323] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 323] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 324] <... futex resumed>) = 1 [pid 324] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 324] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 323] <... futex resumed>) = 0 [pid 323] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 323] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 324] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 324] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 323] <... futex resumed>) = 0 [pid 324] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 323] exit_group(0) = ? [pid 324] <... futex resumed>) = ? [pid 324] +++ exited with 0 +++ [pid 323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=323, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/file1/lost+found") = 0 umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./6/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/file0") = 0 umount2("./6/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/file1") = 0 umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./6/file1/file0") = 0 umount2("./6/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file1") = 0 umount2("./6/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file2") = 0 umount2("./6/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file3") = 0 umount2("./6/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = -1 EBUSY (Device or resource busy) [ 24.098321][ T324] EXT4-fs (loop0): Ignoring removed orlov option [ 24.104503][ T324] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 24.119290][ T324] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x555586eca6a0, 24) = 0 [pid 327] chdir("./7") = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 327] write(1, "executing program\n", 18executing program ) = 18 [pid 327] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 327] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x7f55eba739a0, 24 [pid 327] <... clone3 resumed> => {parent_tid=[328]}, 88) = 328 [pid 327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 327] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 328] <... set_robust_list resumed>) = 0 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] memfd_create("syzkaller", 0) = 3 [pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 328] munmap(0x7f55e3653000, 138412032) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 328] close(3) = 0 [pid 328] close(4) = 0 [pid 328] mkdir("./file1", 0777) = 0 [ 24.223722][ T328] loop0: detected capacity change from 0 to 1024 [pid 328] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 328] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 328] chdir("./file1") = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 328] ioctl(4, LOOP_CLR_FD) = 0 [pid 328] close(4) = 0 [pid 328] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] chdir("./file0") = 0 [pid 328] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... futex resumed>) = 1 [pid 328] creat("./bus", 000) = 4 [pid 328] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 328] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 328] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 328] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 328] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 327] exit_group(0) = ? [pid 328] +++ exited with 0 +++ [pid 327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/file1/lost+found") = 0 umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./7/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/file0") = 0 umount2("./7/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/file1") = 0 umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./7/file1/file0") = 0 umount2("./7/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file1") = 0 umount2("./7/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file2") = 0 umount2("./7/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file3") = 0 umount2("./7/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = -1 EBUSY (Device or resource busy) [ 24.308428][ T328] EXT4-fs (loop0): Ignoring removed orlov option [ 24.314630][ T328] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 24.329010][ T328] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 332 ./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x555586eca6a0, 24) = 0 [pid 332] chdir("./8") = 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 332] setpgid(0, 0) = 0 [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 332] write(3, "1000", 4) = 4 [pid 332] close(3) = 0 [pid 332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 332] write(1, "executing program\n", 18executing program ) = 18 [pid 332] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 332] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 332] <... clone3 resumed> => {parent_tid=[333]}, 88) = 333 [pid 332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 332] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] <... futex resumed>) = 0 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 332] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 333] munmap(0x7f55e3653000, 138412032) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 333] close(3) = 0 [pid 333] close(4) = 0 [pid 333] mkdir("./file1", 0777) = 0 [ 24.441923][ T333] loop0: detected capacity change from 0 to 1024 [pid 333] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 333] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 333] chdir("./file1") = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_CLR_FD) = 0 [pid 333] close(4) = 0 [pid 333] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 333] chdir("./file0") = 0 [pid 333] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] creat("./bus", 000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... creat resumed>) = 4 [pid 333] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... mount resumed>) = 0 [pid 333] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... open resumed>) = 5 [pid 333] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 333] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 333] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 333] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 332] exit_group(0) = ? [pid 333] <... futex resumed>) = ? [pid 333] +++ exited with 0 +++ [pid 332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/file1/lost+found") = 0 umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./8/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/file0") = 0 umount2("./8/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/file1") = 0 umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./8/file1/file0") = 0 umount2("./8/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file1") = 0 umount2("./8/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file2") = 0 umount2("./8/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file3") = 0 umount2("./8/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = -1 EBUSY (Device or resource busy) [ 24.518413][ T333] EXT4-fs (loop0): Ignoring removed orlov option [ 24.524605][ T333] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 24.539147][ T333] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 336 ./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x555586eca6a0, 24) = 0 [pid 336] chdir("./9") = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 336] write(1, "executing program\n", 18) = 18 [pid 336] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 336] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[337]}, 88) = 337 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] memfd_create("syzkaller", 0) = 3 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 337] munmap(0x7f55e3653000, 138412032) = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 337] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 337] close(3) = 0 [pid 337] close(4) = 0 [pid 337] mkdir("./file1", 0777) = 0 [pid 337] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 337] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 337] chdir("./file1") = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 337] ioctl(4, LOOP_CLR_FD) = 0 [pid 337] close(4) = 0 [pid 337] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 337] <... futex resumed>) = 1 [pid 337] chdir("./file0") = 0 [pid 337] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 337] <... futex resumed>) = 1 [pid 337] creat("./bus", 000) = 4 [pid 337] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 337] <... futex resumed>) = 1 [pid 337] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 337] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 337] <... futex resumed>) = 1 [pid 337] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 337] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 337] <... futex resumed>) = 1 [pid 337] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 337] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] readv(-1, [pid 336] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 337] <... readv resumed>0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 337] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 336] <... futex resumed>) = 0 [pid 337] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 336] exit_group(0) = ? [pid 337] <... futex resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/file1/lost+found") = 0 umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./9/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/file0") = 0 umount2("./9/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/file1") = 0 umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./9/file1/file0") = 0 umount2("./9/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file1") = 0 umount2("./9/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file2") = 0 umount2("./9/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file3") = 0 umount2("./9/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = -1 EBUSY (Device or resource busy) [ 24.633431][ T337] loop0: detected capacity change from 0 to 1024 [ 24.642996][ T337] EXT4-fs (loop0): Ignoring removed orlov option [ 24.649190][ T337] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 24.659241][ T337] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x555586eca6a0, 24) = 0 [pid 340] chdir("./10") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 340] write(1, "executing program\n", 18) = 18 [pid 340] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 340] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[341]}, 88) = 341 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 341] munmap(0x7f55e3653000, 138412032) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("./file1", 0777) = 0 [ 24.738179][ T341] loop0: detected capacity change from 0 to 1024 [pid 341] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 341] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 341] chdir("./file1") = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] chdir("./file0") = 0 [pid 341] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] creat("./bus", 000) = 4 [pid 341] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 341] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 341] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 341] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 341] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 340] exit_group(0) = ? [pid 341] <... futex resumed>) = ? [pid 341] +++ exited with 0 +++ [pid 340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/file1/lost+found") = 0 umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./10/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/file0") = 0 umount2("./10/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/file1") = 0 umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./10/file1/file0") = 0 umount2("./10/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file1") = 0 umount2("./10/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file2") = 0 umount2("./10/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file3") = 0 umount2("./10/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = -1 EBUSY (Device or resource busy) [ 24.808455][ T341] EXT4-fs (loop0): Ignoring removed orlov option [ 24.814628][ T341] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 24.829151][ T341] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 344 ./strace-static-x86_64: Process 344 attached [pid 344] set_robust_list(0x555586eca6a0, 24) = 0 [pid 344] chdir("./11") = 0 [pid 344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 344] setpgid(0, 0) = 0 [pid 344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 344] write(3, "1000", 4) = 4 [pid 344] close(3) = 0 [pid 344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 344] write(1, "executing program\n", 18executing program ) = 18 [pid 344] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 344] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[345]}, 88) = 345 [pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 345] memfd_create("syzkaller", 0) = 3 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 345] munmap(0x7f55e3653000, 138412032) = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 345] close(3) = 0 [pid 345] close(4) = 0 [pid 345] mkdir("./file1", 0777) = 0 [ 24.971498][ T345] loop0: detected capacity change from 0 to 1024 [pid 345] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 345] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 345] chdir("./file1") = 0 [pid 345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 345] ioctl(4, LOOP_CLR_FD) = 0 [pid 345] close(4) = 0 [pid 345] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 345] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 0 [pid 345] chdir("./file0") = 0 [pid 345] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 1 [pid 345] creat("./bus", 000) = 4 [pid 345] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 345] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 345] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 345] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 344] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 345] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] <... futex resumed>) = 0 [pid 344] exit_group(0) = ? [pid 345] +++ exited with 0 +++ [pid 344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=344, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/file1/lost+found") = 0 umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./11/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/file0") = 0 umount2("./11/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/file1") = 0 umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./11/file1/file0") = 0 umount2("./11/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file1") = 0 umount2("./11/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file2") = 0 umount2("./11/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file3") = 0 umount2("./11/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = -1 EBUSY (Device or resource busy) [ 25.038425][ T345] EXT4-fs (loop0): Ignoring removed orlov option [ 25.044623][ T345] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 25.059146][ T345] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 348 ./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x555586eca6a0, 24) = 0 [pid 348] chdir("./12") = 0 [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 348] setpgid(0, 0) = 0 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 348] write(3, "1000", 4) = 4 [pid 348] close(3) = 0 [pid 348] symlink("/dev/binderfs", "./binderfs") = 0 [pid 348] write(1, "executing program\n", 18executing program ) = 18 [pid 348] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 348] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[349]}, 88) = 349 [pid 348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 348] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] memfd_create("syzkaller", 0) = 3 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 349] munmap(0x7f55e3653000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 349] close(3) = 0 [pid 349] close(4) = 0 [pid 349] mkdir("./file1", 0777) = 0 [pid 349] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 349] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 349] chdir("./file1") = 0 [pid 349] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_CLR_FD) = 0 [pid 349] close(4) = 0 [pid 349] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] <... futex resumed>) = 0 [pid 349] chdir("./file0") = 0 [pid 349] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] <... futex resumed>) = 1 [pid 349] creat("./bus", 000) = 4 [pid 349] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 349] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 349] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 349] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 349] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] <... futex resumed>) = 0 [pid 348] exit_group(0) = ? [pid 349] +++ exited with 0 +++ [pid 348] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=348, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/file1/lost+found") = 0 umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./12/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/file0") = 0 umount2("./12/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/file1") = 0 umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./12/file1/file0") = 0 umount2("./12/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file1") = 0 umount2("./12/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file2") = 0 [ 25.142866][ T349] loop0: detected capacity change from 0 to 1024 [ 25.152226][ T349] EXT4-fs (loop0): Ignoring removed orlov option [ 25.158431][ T349] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 25.169232][ T349] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./12/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file3") = 0 umount2("./12/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = -1 EBUSY (Device or resource busy) umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 352 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x555586eca6a0, 24) = 0 [pid 352] chdir("./13") = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4executing program ) = 4 [pid 352] close(3) = 0 [pid 352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 352] write(1, "executing program\n", 18) = 18 [pid 352] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 352] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[353]}, 88) = 353 [pid 352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 352] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 353] memfd_create("syzkaller", 0) = 3 [pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 353] munmap(0x7f55e3653000, 138412032) = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 353] close(3) = 0 [pid 353] close(4) = 0 [pid 353] mkdir("./file1", 0777) = 0 [ 25.327788][ T353] loop0: detected capacity change from 0 to 1024 [pid 353] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 353] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 353] chdir("./file1") = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 353] ioctl(4, LOOP_CLR_FD) = 0 [pid 353] close(4) = 0 [pid 353] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 353] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 352] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] <... futex resumed>) = 0 [pid 353] chdir("./file0") = 0 [pid 353] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] <... futex resumed>) = 1 [pid 353] creat("./bus", 000) = 4 [pid 353] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 352] <... futex resumed>) = 0 [pid 353] <... mount resumed>) = 0 [pid 352] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 352] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] <... open resumed>) = 5 [pid 353] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 353] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 353] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 352] <... futex resumed>) = 0 [pid 352] exit_group(0) = ? [pid 353] +++ exited with 0 +++ [pid 352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/file1/lost+found") = 0 umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./13/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/file0") = 0 umount2("./13/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/file1") = 0 umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./13/file1/file0") = 0 umount2("./13/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file1") = 0 umount2("./13/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file2") = 0 umount2("./13/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file3") = 0 umount2("./13/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = -1 EBUSY (Device or resource busy) [ 25.408405][ T353] EXT4-fs (loop0): Ignoring removed orlov option [ 25.414588][ T353] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 25.429053][ T353] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 357 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x555586eca6a0, 24) = 0 [pid 357] chdir("./14") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] write(1, "executing program\n", 18) = 18 [pid 357] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 357] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[358]}, 88) = 358 [pid 357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 357] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] memfd_create("syzkaller", 0) = 3 [pid 358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 358] munmap(0x7f55e3653000, 138412032) = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 358] close(3) = 0 [pid 358] close(4) = 0 [pid 358] mkdir("./file1", 0777) = 0 [ 25.568634][ T358] loop0: detected capacity change from 0 to 1024 [pid 358] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 358] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 358] chdir("./file1") = 0 [pid 358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 358] ioctl(4, LOOP_CLR_FD) = 0 [pid 358] close(4) = 0 [pid 358] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] chdir("./file0" [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... chdir resumed>) = 0 [pid 358] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] creat("./bus", 000) = 4 [pid 358] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 358] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 358] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 358] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 358] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] exit_group(0) = ? [pid 358] +++ exited with 0 +++ [pid 357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=357, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/file1/lost+found") = 0 umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./14/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/file0") = 0 umount2("./14/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/file1") = 0 umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./14/file1/file0") = 0 umount2("./14/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file1") = 0 umount2("./14/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file2") = 0 umount2("./14/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file3") = 0 umount2("./14/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = -1 EBUSY (Device or resource busy) [ 25.658363][ T358] EXT4-fs (loop0): Ignoring removed orlov option [ 25.664538][ T358] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 25.679023][ T358] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x555586eca6a0, 24) = 0 [pid 361] chdir("./15") = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 361] write(1, "executing program\n", 18) = 18 [pid 361] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 361] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 362 attached => {parent_tid=[362]}, 88) = 362 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 362] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] memfd_create("syzkaller", 0) = 3 [pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 362] munmap(0x7f55e3653000, 138412032) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 362] close(3) = 0 [pid 362] close(4) = 0 [pid 362] mkdir("./file1", 0777) = 0 [ 25.848391][ T362] loop0: detected capacity change from 0 to 1024 [pid 362] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 362] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 362] chdir("./file1") = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 362] ioctl(4, LOOP_CLR_FD) = 0 [pid 362] close(4) = 0 [pid 362] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 0 [pid 362] chdir("./file0") = 0 [pid 362] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] <... futex resumed>) = 1 [pid 362] creat("./bus", 000) = 4 [pid 362] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 362] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 362] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 362] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 362] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 362] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 361] <... futex resumed>) = 0 [pid 362] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] exit_group(0) = ? [pid 362] <... futex resumed>) = ? [pid 362] +++ exited with 0 +++ [pid 361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./15/file1/lost+found") = 0 umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./15/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/file0") = 0 umount2("./15/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/file1") = 0 umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 [ 25.940189][ T362] EXT4-fs (loop0): Ignoring removed orlov option [ 25.946387][ T362] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 25.959025][ T362] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. close(5) = 0 rmdir("./15/file1/file0") = 0 umount2("./15/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file1") = 0 umount2("./15/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file2") = 0 umount2("./15/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file3") = 0 umount2("./15/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = -1 EBUSY (Device or resource busy) [ 26.008963][ T293] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz-executor171: inode #1: comm syz-executor171: iget: illegal inode # [ 26.022873][ T293] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor171: error while reading EA inode 1 err=-117 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555586eca6a0, 24) = 0 [pid 365] chdir("./16") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 365] write(1, "executing program\n", 18) = 18 [pid 365] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 365] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[366]}, 88) = 366 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 366] memfd_create("syzkaller", 0) = 3 [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 366] munmap(0x7f55e3653000, 138412032) = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 366] close(3) = 0 [pid 366] close(4) = 0 [pid 366] mkdir("./file1", 0777) = 0 [ 26.097660][ T366] loop0: detected capacity change from 0 to 1024 [pid 366] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 366] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 366] chdir("./file1") = 0 [pid 366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_CLR_FD) = 0 [pid 366] close(4) = 0 [pid 366] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] chdir("./file0") = 0 [pid 366] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] creat("./bus", 000) = 4 [pid 366] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 366] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 366] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 366] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] readv(-1, [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... readv resumed>0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 366] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] <... futex resumed>) = 0 [pid 365] exit_group(0) = ? [pid 366] +++ exited with 0 +++ [pid 365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/file1/lost+found") = 0 umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./16/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/file0") = 0 umount2("./16/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/file1") = 0 umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./16/file1/file0") = 0 umount2("./16/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file1") = 0 umount2("./16/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file2") = 0 umount2("./16/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file3") = 0 umount2("./16/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = -1 EBUSY (Device or resource busy) [ 26.188317][ T366] EXT4-fs (loop0): Ignoring removed orlov option [ 26.194504][ T366] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 26.209112][ T366] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555586eca690) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555586eca6a0, 24) = 0 [pid 369] chdir("./17") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 369] write(1, "executing program\n", 18) = 18 [pid 369] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 369] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 370 attached => {parent_tid=[370]}, 88) = 370 [pid 370] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 369] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = 1 [pid 369] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 370] memfd_create("syzkaller", 0) = 3 [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 370] munmap(0x7f55e3653000, 138412032) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 370] close(3) = 0 [ 26.371462][ T370] loop0: detected capacity change from 0 to 1024 [pid 370] close(4) = 0 [pid 370] mkdir("./file1", 0777) = 0 [pid 370] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 370] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 370] chdir("./file1") = 0 [pid 370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_CLR_FD) = 0 [pid 370] close(4) = 0 [pid 370] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] chdir("./file0") = 0 [pid 370] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] creat("./bus", 000) = 4 [pid 370] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 370] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 370] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 1 [pid 370] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 370] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 370] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] exit_group(0) = ? [pid 370] +++ exited with 0 +++ [pid 369] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/file1/lost+found") = 0 umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./17/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/file0") = 0 umount2("./17/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/file1") = 0 umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./17/file1/file0") = 0 umount2("./17/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file1") = 0 umount2("./17/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file2") = 0 umount2("./17/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file3") = 0 umount2("./17/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = -1 EBUSY (Device or resource busy) [ 26.478368][ T370] EXT4-fs (loop0): Ignoring removed orlov option [ 26.484554][ T370] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 26.499381][ T370] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 374 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x555586eca6a0, 24) = 0 [pid 374] chdir("./18") = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3) = 0 [pid 374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 374] write(1, "executing program\n", 18executing program ) = 18 [pid 374] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 374] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[375]}, 88) = 375 [pid 374] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 375 attached NULL, 8) = 0 [pid 374] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 375] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 375] memfd_create("syzkaller", 0) = 3 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 375] munmap(0x7f55e3653000, 138412032) = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 375] close(3) = 0 [pid 375] close(4) = 0 [pid 375] mkdir("./file1", 0777) = 0 [ 26.654052][ T375] loop0: detected capacity change from 0 to 1024 [pid 375] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 375] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 375] chdir("./file1") = 0 [pid 375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 375] ioctl(4, LOOP_CLR_FD) = 0 [pid 375] close(4) = 0 [pid 375] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] chdir("./file0") = 0 [pid 375] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 1 [pid 375] creat("./bus", 000) = 4 [pid 375] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 375] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 375] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 375] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 375] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] exit_group(0) = ? [pid 375] +++ exited with 0 +++ [pid 374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=374, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/file1/lost+found") = 0 umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./18/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/file0") = 0 umount2("./18/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/file1") = 0 umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./18/file1/file0") = 0 umount2("./18/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file1") = 0 umount2("./18/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file2") = 0 umount2("./18/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file3") = 0 umount2("./18/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = -1 EBUSY (Device or resource busy) [ 26.738367][ T375] EXT4-fs (loop0): Ignoring removed orlov option [ 26.744544][ T375] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 26.759233][ T375] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x555586eca6a0, 24) = 0 [pid 379] chdir("./19") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18) = 18 [pid 379] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 379] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[380]}, 88) = 380 [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 379] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 380] memfd_create("syzkaller", 0) = 3 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 380] munmap(0x7f55e3653000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 380] close(3) = 0 [pid 380] close(4) = 0 [pid 380] mkdir("./file1", 0777) = 0 [ 26.860964][ T380] loop0: detected capacity change from 0 to 1024 [pid 380] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 380] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 380] chdir("./file1") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 380] ioctl(4, LOOP_CLR_FD) = 0 [pid 380] close(4) = 0 [pid 380] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] chdir("./file0") = 0 [pid 380] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] creat("./bus", 000) = 4 [pid 380] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 380] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 380] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 1 [pid 380] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 380] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 380] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] exit_group(0) = ? [pid 380] +++ exited with 0 +++ [pid 379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/file1/lost+found") = 0 umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./19/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/file0") = 0 umount2("./19/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/file1") = 0 umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./19/file1/file0") = 0 umount2("./19/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file1") = 0 umount2("./19/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file2") = 0 umount2("./19/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file3") = 0 umount2("./19/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = -1 EBUSY (Device or resource busy) [ 26.938404][ T380] EXT4-fs (loop0): Ignoring removed orlov option [ 26.944575][ T380] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 26.959332][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 383 ./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x555586eca6a0, 24) = 0 [pid 383] chdir("./20") = 0 [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 383] setpgid(0, 0) = 0 [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 383] write(3, "1000", 4) = 4 [pid 383] close(3) = 0 [pid 383] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 383] write(1, "executing program\n", 18) = 18 [pid 383] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 383] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[384]}, 88) = 384 ./strace-static-x86_64: Process 384 attached [pid 383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 383] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 384] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 384] memfd_create("syzkaller", 0) = 3 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 384] munmap(0x7f55e3653000, 138412032) = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 384] close(3) = 0 [pid 384] close(4) = 0 [pid 384] mkdir("./file1", 0777) = 0 [ 27.128240][ T384] loop0: detected capacity change from 0 to 1024 [pid 384] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 384] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 384] chdir("./file1") = 0 [pid 384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 384] ioctl(4, LOOP_CLR_FD) = 0 [pid 384] close(4) = 0 [pid 384] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 384] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 0 [pid 384] chdir("./file0") = 0 [pid 384] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 1 [pid 384] creat("./bus", 000) = 4 [pid 384] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 1 [pid 384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 384] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 384] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 384] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] readv(-1, [pid 383] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... readv resumed>0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 384] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 383] <... futex resumed>) = 0 [pid 383] exit_group(0) = ? [pid 384] +++ exited with 0 +++ [pid 383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=383, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/file1/lost+found") = 0 umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./20/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/file0") = 0 umount2("./20/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/file1") = 0 umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./20/file1/file0") = 0 umount2("./20/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file1") = 0 umount2("./20/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file2") = 0 umount2("./20/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file3") = 0 umount2("./20/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = -1 EBUSY (Device or resource busy) [ 27.228466][ T384] EXT4-fs (loop0): Ignoring removed orlov option [ 27.234647][ T384] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 27.249095][ T384] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x555586eca6a0, 24) = 0 [pid 387] chdir("./21") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] write(1, "executing program\n", 18executing program ) = 18 [pid 387] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 387] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 388 attached => {parent_tid=[388]}, 88) = 388 [pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 387] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] set_robust_list(0x7f55eba739a0, 24 [pid 387] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 388] <... set_robust_list resumed>) = 0 [pid 388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 388] memfd_create("syzkaller", 0) = 3 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 388] munmap(0x7f55e3653000, 138412032) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 388] close(3) = 0 [pid 388] close(4) = 0 [pid 388] mkdir("./file1", 0777) = 0 [ 27.363971][ T388] loop0: detected capacity change from 0 to 1024 [pid 388] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 388] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 388] chdir("./file1") = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_CLR_FD) = 0 [pid 388] close(4) = 0 [pid 388] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 0 [pid 388] chdir("./file0") = 0 [pid 388] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] creat("./bus", 000) = 4 [pid 388] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 388] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 387] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] <... mount resumed>) = 0 [pid 387] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 388] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 388] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 388] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] <... futex resumed>) = 0 [pid 387] exit_group(0) = ? [pid 388] +++ exited with 0 +++ [pid 387] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=387, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/file1/lost+found") = 0 umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./21/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/file0") = 0 umount2("./21/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/file1") = 0 umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./21/file1/file0") = 0 umount2("./21/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file1") = 0 umount2("./21/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file2") = 0 umount2("./21/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file3") = 0 umount2("./21/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = -1 EBUSY (Device or resource busy) [ 27.448393][ T388] EXT4-fs (loop0): Ignoring removed orlov option [ 27.456160][ T388] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 27.469148][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 392 ./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x555586eca6a0, 24) = 0 [pid 392] chdir("./22") = 0 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 392] setpgid(0, 0) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 392] write(3, "1000", 4) = 4 [pid 392] close(3) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 392] write(1, "executing program\n", 18) = 18 [pid 392] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 392] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[393]}, 88) = 393 [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 393] memfd_create("syzkaller", 0) = 3 [pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 393] munmap(0x7f55e3653000, 138412032) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 393] close(3) = 0 [pid 393] close(4) = 0 [pid 393] mkdir("./file1", 0777) = 0 [ 27.607861][ T393] loop0: detected capacity change from 0 to 1024 [ 27.615804][ T393] EXT4-fs (loop0): Ignoring removed orlov option [ 27.622001][ T393] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 393] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 393] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 393] chdir("./file1") = 0 [pid 393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 393] ioctl(4, LOOP_CLR_FD) = 0 [pid 393] close(4) = 0 [pid 393] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] chdir("./file0") = 0 [pid 393] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] creat("./bus", 000) = 4 [pid 393] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 393] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 393] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 393] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 393] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] exit_group(0) = ? [pid 393] <... futex resumed>) = ? [pid 393] +++ exited with 0 +++ [pid 392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/file1/lost+found") = 0 umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./22/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/file0") = 0 umount2("./22/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/file1") = 0 umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./22/file1/file0") = 0 umount2("./22/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file1") = 0 umount2("./22/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file2") = 0 umount2("./22/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file3") = 0 umount2("./22/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = -1 EBUSY (Device or resource busy) [ 27.639144][ T393] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 396 ./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x555586eca6a0, 24) = 0 [pid 396] chdir("./23") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 396] write(1, "executing program\n", 18) = 18 [pid 396] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 396] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[397]}, 88) = 397 [pid 396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 396] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] memfd_create("syzkaller", 0) = 3 [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 397] munmap(0x7f55e3653000, 138412032) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 397] close(3) = 0 [pid 397] close(4) = 0 [pid 397] mkdir("./file1", 0777) = 0 [ 27.728389][ T397] loop0: detected capacity change from 0 to 1024 [pid 397] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 397] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 397] chdir("./file1") = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_CLR_FD) = 0 [pid 397] close(4) = 0 [pid 397] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 0 [pid 397] chdir("./file0") = 0 [pid 397] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 1 [pid 397] creat("./bus", 000) = 4 [pid 397] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 1 [pid 397] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 397] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 397] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 0 [pid 397] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 397] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 1 [pid 397] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 397] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 397] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 396] exit_group(0) = ? [pid 397] +++ exited with 0 +++ [pid 396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/file1/lost+found") = 0 umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./23/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/file0") = 0 umount2("./23/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/file1") = 0 umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./23/file1/file0") = 0 umount2("./23/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file1") = 0 umount2("./23/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file2") = 0 umount2("./23/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file3") = 0 umount2("./23/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = -1 EBUSY (Device or resource busy) [ 27.798413][ T397] EXT4-fs (loop0): Ignoring removed orlov option [ 27.804590][ T397] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 27.819110][ T397] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 400 ./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x555586eca6a0, 24) = 0 [pid 400] chdir("./24") = 0 [pid 400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 400] setpgid(0, 0) = 0 [pid 400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 400] write(3, "1000", 4) = 4 [pid 400] close(3) = 0 [pid 400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 400] write(1, "executing program\n", 18executing program ) = 18 [pid 400] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 400] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 400] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 400] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[401]}, 88) = 401 [pid 400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 400] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 401] memfd_create("syzkaller", 0) = 3 [pid 401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 401] munmap(0x7f55e3653000, 138412032) = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 401] close(3) = 0 [pid 401] close(4) = 0 [pid 401] mkdir("./file1", 0777) = 0 [ 27.903200][ T401] loop0: detected capacity change from 0 to 1024 [pid 401] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 401] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 401] chdir("./file1") = 0 [pid 401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 401] ioctl(4, LOOP_CLR_FD) = 0 [pid 401] close(4) = 0 [pid 401] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 0 [pid 401] chdir("./file0") = 0 [pid 401] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 1 [pid 401] creat("./bus", 000) = 4 [pid 401] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 401] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 401] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 401] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 401] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 400] <... futex resumed>) = 0 [pid 400] exit_group(0) = ? [pid 401] +++ exited with 0 +++ [pid 400] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=400, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/file1/lost+found") = 0 umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./24/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/file0") = 0 umount2("./24/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/file1") = 0 umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./24/file1/file0") = 0 umount2("./24/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file1") = 0 umount2("./24/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file2") = 0 umount2("./24/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file3") = 0 umount2("./24/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = -1 EBUSY (Device or resource busy) [ 27.988348][ T401] EXT4-fs (loop0): Ignoring removed orlov option [ 27.994522][ T401] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 28.009088][ T401] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x555586eca6a0, 24) = 0 [pid 404] chdir("./25") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 404] write(1, "executing program\n", 18) = 18 [pid 404] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 404] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[405]}, 88) = 405 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] memfd_create("syzkaller", 0) = 3 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 405] munmap(0x7f55e3653000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 405] close(3) = 0 [pid 405] close(4) = 0 [pid 405] mkdir("./file1", 0777) = 0 [ 28.168968][ T405] loop0: detected capacity change from 0 to 1024 [pid 405] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 405] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 405] chdir("./file1") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 405] ioctl(4, LOOP_CLR_FD) = 0 [pid 405] close(4) = 0 [pid 405] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] chdir("./file0") = 0 [pid 405] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] creat("./bus", 000) = 4 [pid 405] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 405] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 405] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 1 [pid 405] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 405] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 404] <... futex resumed>) = 0 [pid 405] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... futex resumed>) = 0 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] exit_group(0) = ? [pid 405] +++ exited with 0 +++ [pid 404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/file1/lost+found") = 0 umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./25/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/file0") = 0 umount2("./25/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/file1") = 0 umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./25/file1/file0") = 0 umount2("./25/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file1") = 0 umount2("./25/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file2") = 0 umount2("./25/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file3") = 0 umount2("./25/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = -1 EBUSY (Device or resource busy) [ 28.248621][ T405] EXT4-fs (loop0): Ignoring removed orlov option [ 28.254800][ T405] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 28.269421][ T405] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 409 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x555586eca6a0, 24) = 0 [pid 409] chdir("./26") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] write(1, "executing program\n", 18) = 18 [pid 409] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 409] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[410]}, 88) = 410 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] memfd_create("syzkaller", 0) = 3 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 410] munmap(0x7f55e3653000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 410] close(3) = 0 [pid 410] close(4) = 0 [pid 410] mkdir("./file1", 0777) = 0 [ 28.408212][ T410] loop0: detected capacity change from 0 to 1024 [pid 410] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 410] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 410] chdir("./file1") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_CLR_FD) = 0 [pid 410] close(4) = 0 [pid 410] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] chdir("./file0" [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... chdir resumed>) = 0 [pid 410] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] creat("./bus", 000 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... creat resumed>) = 4 [pid 410] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 410] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 410] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... mmap resumed>) = 0x20000000 [pid 410] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 410] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] <... futex resumed>) = 0 [pid 409] exit_group(0 [pid 410] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 409] <... exit_group resumed>) = ? [pid 410] <... futex resumed>) = ? [pid 410] +++ exited with 0 +++ [pid 409] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=409, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/file1/lost+found") = 0 umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./26/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/file0") = 0 umount2("./26/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/file1") = 0 umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./26/file1/file0") = 0 umount2("./26/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file1") = 0 umount2("./26/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file2") = 0 umount2("./26/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file3") = 0 umount2("./26/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = -1 EBUSY (Device or resource busy) [ 28.488378][ T410] EXT4-fs (loop0): Ignoring removed orlov option [ 28.494687][ T410] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 28.509099][ T410] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x555586eca6a0, 24) = 0 [pid 414] chdir("./27") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] write(1, "executing program\n", 18executing program ) = 18 [pid 414] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 414] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[415]}, 88) = 415 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] memfd_create("syzkaller", 0) = 3 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 415] munmap(0x7f55e3653000, 138412032) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 415] close(3) = 0 [pid 415] close(4) = 0 [pid 415] mkdir("./file1", 0777) = 0 [ 28.613477][ T415] loop0: detected capacity change from 0 to 1024 [ 28.623617][ T415] EXT4-fs (loop0): Ignoring removed orlov option [ 28.629906][ T415] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 415] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 415] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 415] chdir("./file1") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_CLR_FD) = 0 [pid 415] close(4) = 0 [pid 415] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] chdir("./file0") = 0 [pid 415] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] creat("./bus", 000) = 4 [pid 415] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 1 [pid 415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 415] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 415] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 415] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] readv(-1, [pid 414] <... futex resumed>) = 0 [pid 415] <... readv resumed>0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 414] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 414] exit_group(0) = ? [pid 415] +++ exited with 0 +++ [pid 414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/file1/lost+found") = 0 umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./27/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/file0") = 0 umount2("./27/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/file1") = 0 umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./27/file1/file0") = 0 umount2("./27/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file1") = 0 umount2("./27/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file2") = 0 umount2("./27/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file3") = 0 umount2("./27/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = -1 EBUSY (Device or resource busy) [ 28.639035][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 418 ./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x555586eca6a0, 24) = 0 [pid 418] chdir("./28") = 0 [pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 418] setpgid(0, 0) = 0 [pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 418] write(3, "1000", 4) = 4 [pid 418] close(3) = 0 [pid 418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 418] write(1, "executing program\n", 18executing program ) = 18 [pid 418] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 418] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[419]}, 88) = 419 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] memfd_create("syzkaller", 0) = 3 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 419] munmap(0x7f55e3653000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 419] close(3) = 0 [pid 419] close(4) = 0 [pid 419] mkdir("./file1", 0777) = 0 [ 28.779302][ T419] loop0: detected capacity change from 0 to 1024 [pid 419] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 419] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 419] chdir("./file1") = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 419] ioctl(4, LOOP_CLR_FD) = 0 [pid 419] close(4) = 0 [pid 419] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 0 [pid 419] chdir("./file0") = 0 [pid 419] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 1 [pid 419] creat("./bus", 000) = 4 [pid 419] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 1 [pid 419] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 419] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 419] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 1 [pid 419] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 419] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 0 [pid 419] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 419] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] exit_group(0) = ? [pid 419] <... futex resumed>) = ? [pid 419] +++ exited with 0 +++ [pid 418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/file1/lost+found") = 0 umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./28/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/file0") = 0 umount2("./28/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/file1") = 0 umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./28/file1/file0") = 0 umount2("./28/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file1") = 0 umount2("./28/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file2") = 0 umount2("./28/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file3") = 0 umount2("./28/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = -1 EBUSY (Device or resource busy) [ 28.858419][ T419] EXT4-fs (loop0): Ignoring removed orlov option [ 28.864593][ T419] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 28.879302][ T419] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 422 ./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x555586eca6a0, 24) = 0 [pid 422] chdir("./29") = 0 [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 422] setpgid(0, 0) = 0 [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 422] write(3, "1000", 4) = 4 [pid 422] close(3) = 0 [pid 422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 422] write(1, "executing program\n", 18) = 18 [pid 422] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 422] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[423]}, 88) = 423 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] memfd_create("syzkaller", 0) = 3 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 423] munmap(0x7f55e3653000, 138412032) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 423] close(3) = 0 [pid 423] close(4) = 0 [pid 423] mkdir("./file1", 0777) = 0 [ 29.048060][ T423] loop0: detected capacity change from 0 to 1024 [pid 423] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 423] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 423] chdir("./file1") = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_CLR_FD) = 0 [pid 423] close(4) = 0 [pid 423] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] chdir("./file0") = 0 [pid 423] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] creat("./bus", 000) = 4 [pid 423] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 423] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 423] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 423] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 423] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 422] <... futex resumed>) = 0 [pid 423] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] exit_group(0) = ? [pid 423] <... futex resumed>) = ? [pid 423] +++ exited with 0 +++ [pid 422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=422, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/file1/lost+found") = 0 umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./29/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/file0") = 0 umount2("./29/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/file1") = 0 umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./29/file1/file0") = 0 umount2("./29/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file1") = 0 umount2("./29/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file2") = 0 umount2("./29/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file3") = 0 umount2("./29/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = -1 EBUSY (Device or resource busy) [ 29.128351][ T423] EXT4-fs (loop0): Ignoring removed orlov option [ 29.134535][ T423] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 29.149011][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 426 ./strace-static-x86_64: Process 426 attached executing program [pid 426] set_robust_list(0x555586eca6a0, 24) = 0 [pid 426] chdir("./30") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 426] write(1, "executing program\n", 18) = 18 [pid 426] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 426] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 427 attached => {parent_tid=[427]}, 88) = 427 [pid 426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 426] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 427] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] memfd_create("syzkaller", 0) = 3 [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 427] munmap(0x7f55e3653000, 138412032) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 427] close(3) = 0 [pid 427] close(4) = 0 [pid 427] mkdir("./file1", 0777) = 0 [ 29.290128][ T427] loop0: detected capacity change from 0 to 1024 [pid 427] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 427] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 427] chdir("./file1") = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 427] ioctl(4, LOOP_CLR_FD) = 0 [pid 427] close(4) = 0 [pid 427] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] chdir("./file0" [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... chdir resumed>) = 0 [pid 427] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] creat("./bus", 000) = 4 [pid 427] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 427] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 427] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 427] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 427] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] exit_group(0) = ? [pid 427] +++ exited with 0 +++ [pid 426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/file1/lost+found") = 0 umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./30/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/file0") = 0 umount2("./30/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/file1") = 0 umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./30/file1/file0") = 0 umount2("./30/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file1") = 0 umount2("./30/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file2") = 0 umount2("./30/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file3") = 0 umount2("./30/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = -1 EBUSY (Device or resource busy) [ 29.340442][ T427] EXT4-fs (loop0): Ignoring removed orlov option [ 29.346594][ T427] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 29.359173][ T427] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 431 ./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x555586eca6a0, 24) = 0 [pid 431] chdir("./31") = 0 [pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 431] setpgid(0, 0) = 0 [pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 431] write(3, "1000", 4) = 4 [pid 431] close(3) = 0 [pid 431] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 431] write(1, "executing program\n", 18) = 18 [pid 431] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 431] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[432]}, 88) = 432 [pid 431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 431] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 432] memfd_create("syzkaller", 0) = 3 [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 432] munmap(0x7f55e3653000, 138412032) = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 432] close(3) = 0 [pid 432] close(4) = 0 [pid 432] mkdir("./file1", 0777) = 0 [ 29.488296][ T432] loop0: detected capacity change from 0 to 1024 [ 29.495700][ T432] EXT4-fs (loop0): Ignoring removed orlov option [ 29.502052][ T432] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 432] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 432] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 432] chdir("./file1") = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 432] ioctl(4, LOOP_CLR_FD) = 0 [pid 432] close(4) = 0 [pid 432] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] <... futex resumed>) = 0 [pid 431] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... futex resumed>) = 0 [pid 432] chdir("./file0") = 0 [pid 432] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = 0 [pid 431] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... futex resumed>) = 1 [pid 432] creat("./bus", 000) = 4 [pid 432] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 432] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 431] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... mount resumed>) = 0 [pid 431] <... futex resumed>) = 0 [pid 432] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 432] <... futex resumed>) = 0 [pid 432] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC [pid 431] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... open resumed>) = 5 [pid 431] <... futex resumed>) = 0 [pid 431] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 432] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 431] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... mmap resumed>) = 0x20000000 [pid 432] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 431] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 432] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 431] exit_group(0) = ? [pid 432] +++ exited with 0 +++ [pid 431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/file1/lost+found") = 0 umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./31/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/file0") = 0 umount2("./31/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/file1") = 0 umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./31/file1/file0") = 0 umount2("./31/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file1") = 0 umount2("./31/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file2") = 0 umount2("./31/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file3") = 0 umount2("./31/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = -1 EBUSY (Device or resource busy) [ 29.519195][ T432] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x555586eca6a0, 24) = 0 [pid 435] chdir("./32") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 executing program [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] write(1, "executing program\n", 18) = 18 [pid 435] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 435] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[436]}, 88) = 436 [pid 435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 435] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 436] memfd_create("syzkaller", 0) = 3 [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 436] munmap(0x7f55e3653000, 138412032) = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 436] close(3) = 0 [pid 436] close(4) = 0 [pid 436] mkdir("./file1", 0777) = 0 [ 29.611517][ T436] loop0: detected capacity change from 0 to 1024 [pid 436] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 436] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 436] chdir("./file1") = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 436] ioctl(4, LOOP_CLR_FD) = 0 [pid 436] close(4) = 0 [pid 436] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] chdir("./file0") = 0 [pid 436] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] creat("./bus", 000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... creat resumed>) = 4 [pid 436] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 436] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 436] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... mmap resumed>) = 0x20000000 [pid 436] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] readv(-1, [pid 435] <... futex resumed>) = 0 [pid 436] <... readv resumed>0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 435] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] exit_group(0) = ? [pid 436] +++ exited with 0 +++ [pid 435] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/file1/lost+found") = 0 umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./32/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/file0") = 0 umount2("./32/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/file1") = 0 umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./32/file1/file0") = 0 umount2("./32/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file1") = 0 umount2("./32/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file2") = 0 umount2("./32/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file3") = 0 umount2("./32/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = -1 EBUSY (Device or resource busy) [ 29.660229][ T436] EXT4-fs (loop0): Ignoring removed orlov option [ 29.666407][ T436] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 29.679327][ T436] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x555586eca6a0, 24) = 0 [pid 439] chdir("./33") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18executing program ) = 18 [pid 439] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 439] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[440]}, 88) = 440 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] memfd_create("syzkaller", 0) = 3 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 440] munmap(0x7f55e3653000, 138412032) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 440] close(3) = 0 [pid 440] close(4) = 0 [pid 440] mkdir("./file1", 0777) = 0 [ 29.781866][ T440] loop0: detected capacity change from 0 to 1024 [pid 440] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 440] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 440] chdir("./file1") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 440] ioctl(4, LOOP_CLR_FD) = 0 [pid 440] close(4) = 0 [pid 440] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 440] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 0 [pid 440] chdir("./file0") = 0 [pid 440] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] creat("./bus", 000) = 4 [pid 440] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 440] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 440] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 0 [pid 440] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 440] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 440] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 440] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] exit_group(0) = ? [pid 440] +++ exited with 0 +++ [pid 439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/file1/lost+found") = 0 umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./33/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/file0") = 0 umount2("./33/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/file1") = 0 umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./33/file1/file0") = 0 umount2("./33/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file1") = 0 umount2("./33/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file2") = 0 umount2("./33/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file3") = 0 umount2("./33/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = -1 EBUSY (Device or resource busy) [ 29.858346][ T440] EXT4-fs (loop0): Ignoring removed orlov option [ 29.864518][ T440] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 29.879101][ T440] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 443 ./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x555586eca6a0, 24) = 0 [pid 443] chdir("./34") = 0 [pid 443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 443] setpgid(0, 0) = 0 [pid 443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 443] write(3, "1000", 4) = 4 [pid 443] close(3) = 0 [pid 443] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 443] write(1, "executing program\n", 18) = 18 [pid 443] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 443] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 444 attached => {parent_tid=[444]}, 88) = 444 [pid 443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 443] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 444] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 444] memfd_create("syzkaller", 0) = 3 [pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 444] munmap(0x7f55e3653000, 138412032) = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 444] close(3) = 0 [pid 444] close(4) = 0 [pid 444] mkdir("./file1", 0777) = 0 [ 30.008904][ T444] loop0: detected capacity change from 0 to 1024 [pid 444] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 444] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 444] chdir("./file1") = 0 [pid 444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 444] ioctl(4, LOOP_CLR_FD) = 0 [pid 444] close(4) = 0 [pid 444] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 443] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] chdir("./file0") = 0 [pid 444] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 443] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] creat("./bus", 000) = 4 [pid 444] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 443] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 444] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 443] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 444] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 443] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 444] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 443] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 444] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 443] exit_group(0) = ? [pid 444] <... futex resumed>) = ? [pid 444] +++ exited with 0 +++ [pid 443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=443, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/file1/lost+found") = 0 umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./34/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/file0") = 0 umount2("./34/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/file1") = 0 umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./34/file1/file0") = 0 umount2("./34/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file1") = 0 umount2("./34/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file2") = 0 umount2("./34/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file3") = 0 umount2("./34/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = -1 EBUSY (Device or resource busy) [ 30.098411][ T444] EXT4-fs (loop0): Ignoring removed orlov option [ 30.104590][ T444] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 30.119092][ T444] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 447 ./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x555586eca6a0, 24) = 0 [pid 447] chdir("./35") = 0 [pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 447] setpgid(0, 0) = 0 [pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 447] write(3, "1000", 4) = 4 [pid 447] close(3) = 0 [pid 447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 447] write(1, "executing program\n", 18) = 18 [pid 447] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 447] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[448]}, 88) = 448 ./strace-static-x86_64: Process 448 attached [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 448] set_robust_list(0x7f55eba739a0, 24 [pid 447] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... set_robust_list resumed>) = 0 [pid 448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 448] memfd_create("syzkaller", 0 [pid 447] <... futex resumed>) = 0 [pid 448] <... memfd_create resumed>) = 3 [pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 447] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 448] munmap(0x7f55e3653000, 138412032) = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 448] close(3) = 0 [pid 448] close(4) = 0 [pid 448] mkdir("./file1", 0777) = 0 [ 30.251293][ T448] loop0: detected capacity change from 0 to 1024 [pid 448] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 448] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 448] chdir("./file1") = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 448] ioctl(4, LOOP_CLR_FD) = 0 [pid 448] close(4) = 0 [pid 448] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] chdir("./file0") = 0 [pid 448] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] creat("./bus", 000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... creat resumed>) = 4 [pid 448] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 448] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 448] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... mmap resumed>) = 0x20000000 [pid 448] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 448] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 447] exit_group(0) = ? [pid 448] +++ exited with 0 +++ [pid 447] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/file1/lost+found") = 0 umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./35/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/file0") = 0 umount2("./35/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/file1") = 0 umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./35/file1/file0") = 0 umount2("./35/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file1") = 0 umount2("./35/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file2") = 0 umount2("./35/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file3") = 0 umount2("./35/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = -1 EBUSY (Device or resource busy) [ 30.318402][ T448] EXT4-fs (loop0): Ignoring removed orlov option [ 30.324580][ T448] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 30.339273][ T448] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x555586eca6a0, 24) = 0 [pid 452] chdir("./36") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 452] write(1, "executing program\n", 18) = 18 [pid 452] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 452] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 452] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[453]}, 88) = 453 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 453] memfd_create("syzkaller", 0) = 3 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 453] munmap(0x7f55e3653000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 453] close(3) = 0 [pid 453] close(4) = 0 [pid 453] mkdir("./file1", 0777) = 0 [ 30.448322][ T453] loop0: detected capacity change from 0 to 1024 [ 30.480607][ T453] EXT4-fs (loop0): Ignoring removed orlov option [ 30.486900][ T453] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 453] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 453] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 453] chdir("./file1") = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 453] ioctl(4, LOOP_CLR_FD) = 0 [pid 453] close(4) = 0 [pid 453] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 0 [pid 453] chdir("./file0") = 0 [pid 453] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 453] creat("./bus", 000) = 4 [pid 453] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 453] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 453] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 453] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 453] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 452] <... futex resumed>) = 0 [pid 452] exit_group(0) = ? [pid 453] +++ exited with 0 +++ [pid 452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/file1/lost+found") = 0 umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./36/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/file0") = 0 umount2("./36/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/file1") = 0 umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./36/file1/file0") = 0 umount2("./36/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file1") = 0 umount2("./36/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file2") = 0 umount2("./36/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file3") = 0 umount2("./36/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = -1 EBUSY (Device or resource busy) [ 30.499066][ T453] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 456 ./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x555586eca6a0, 24) = 0 [pid 456] chdir("./37") = 0 [pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 456] setpgid(0, 0) = 0 [pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 456] write(3, "1000", 4) = 4 [pid 456] close(3) = 0 [pid 456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 456] write(1, "executing program\n", 18) = 18 [pid 456] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 456] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[457]}, 88) = 457 [pid 456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 456] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 457] memfd_create("syzkaller", 0) = 3 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 457] munmap(0x7f55e3653000, 138412032) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 457] close(3) = 0 [pid 457] close(4) = 0 [pid 457] mkdir("./file1", 0777) = 0 [ 30.588330][ T457] loop0: detected capacity change from 0 to 1024 [ 30.597085][ T457] EXT4-fs (loop0): Ignoring removed orlov option [ 30.603379][ T457] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 457] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 457] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 457] chdir("./file1") = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_CLR_FD) = 0 [pid 457] close(4) = 0 [pid 457] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] chdir("./file0") = 0 [pid 457] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] creat("./bus", 000) = 4 [pid 457] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 457] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 456] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 0 [pid 457] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 457] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 457] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 457] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] exit_group(0) = ? [pid 457] <... futex resumed>) = ? [pid 457] +++ exited with 0 +++ [pid 456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/file1/lost+found") = 0 umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./37/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/file0") = 0 umount2("./37/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/file1") = 0 umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./37/file1/file0") = 0 umount2("./37/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file1") = 0 umount2("./37/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file2") = 0 umount2("./37/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file3") = 0 umount2("./37/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = -1 EBUSY (Device or resource busy) [ 30.619313][ T457] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 460 ./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x555586eca6a0, 24) = 0 [pid 460] chdir("./38") = 0 [pid 460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 460] setpgid(0, 0) = 0 [pid 460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 460] write(3, "1000", 4) = 4 [pid 460] close(3) = 0 [pid 460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 460] write(1, "executing program\n", 18) = 18 [pid 460] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 460] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[461]}, 88) = 461 [pid 460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 460] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 461] memfd_create("syzkaller", 0) = 3 [pid 461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 461] munmap(0x7f55e3653000, 138412032) = 0 [pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 461] close(3) = 0 [pid 461] close(4) = 0 [pid 461] mkdir("./file1", 0777) = 0 [ 30.698012][ T461] loop0: detected capacity change from 0 to 1024 [pid 461] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 461] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 461] chdir("./file1") = 0 [pid 461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 461] ioctl(4, LOOP_CLR_FD) = 0 [pid 461] close(4) = 0 [pid 461] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 461] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 460] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 0 [pid 461] chdir("./file0") = 0 [pid 461] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] creat("./bus", 000) = 4 [pid 461] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 461] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 461] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 461] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 461] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 460] <... futex resumed>) = 0 [pid 460] exit_group(0) = ? [pid 461] +++ exited with 0 +++ [pid 460] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=460, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/file1/lost+found") = 0 umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./38/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/file0") = 0 umount2("./38/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/file1") = 0 umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./38/file1/file0") = 0 umount2("./38/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file1") = 0 umount2("./38/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file2") = 0 umount2("./38/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file3") = 0 umount2("./38/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = -1 EBUSY (Device or resource busy) [ 30.785050][ T461] EXT4-fs (loop0): Ignoring removed orlov option [ 30.791264][ T461] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 30.809251][ T461] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555586eca690) = 464 ./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x555586eca6a0, 24) = 0 [pid 464] chdir("./39") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 464] write(1, "executing program\n", 18) = 18 [pid 464] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 464] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[465]}, 88) = 465 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] memfd_create("syzkaller", 0) = 3 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 465] munmap(0x7f55e3653000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 465] close(3) = 0 [pid 465] close(4) = 0 [pid 465] mkdir("./file1", 0777) = 0 [ 30.890334][ T465] loop0: detected capacity change from 0 to 1024 [pid 465] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 465] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 465] chdir("./file1") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 465] ioctl(4, LOOP_CLR_FD) = 0 [pid 465] close(4) = 0 [pid 465] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] chdir("./file0") = 0 [pid 465] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] creat("./bus", 000) = 4 [pid 465] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 1 [pid 465] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 465] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 465] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] <... futex resumed>) = 0 [pid 465] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 465] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] <... futex resumed>) = 0 [pid 465] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 465] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 465] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 465] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 464] <... futex resumed>) = 0 [pid 464] exit_group(0) = ? [pid 465] +++ exited with 0 +++ [pid 464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/file1/lost+found") = 0 umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./39/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/file0") = 0 umount2("./39/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/file1") = 0 umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./39/file1/file0") = 0 umount2("./39/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file1") = 0 umount2("./39/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file2") = 0 umount2("./39/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file3") = 0 umount2("./39/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = -1 EBUSY (Device or resource busy) [ 30.948430][ T465] EXT4-fs (loop0): Ignoring removed orlov option [ 30.954644][ T465] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 30.969102][ T465] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 468 ./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x555586eca6a0, 24) = 0 executing program [pid 468] chdir("./40") = 0 [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 468] setpgid(0, 0) = 0 [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 468] write(3, "1000", 4) = 4 [pid 468] close(3) = 0 [pid 468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 468] write(1, "executing program\n", 18) = 18 [pid 468] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 468] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[469]}, 88) = 469 [pid 468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 468] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 469] memfd_create("syzkaller", 0) = 3 [pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 469] munmap(0x7f55e3653000, 138412032) = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 469] close(3) = 0 [pid 469] close(4) = 0 [pid 469] mkdir("./file1", 0777) = 0 [ 31.089987][ T469] loop0: detected capacity change from 0 to 1024 [pid 469] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 469] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 469] chdir("./file1") = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 469] ioctl(4, LOOP_CLR_FD) = 0 [pid 469] close(4) = 0 [pid 469] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] chdir("./file0") = 0 [pid 469] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] creat("./bus", 000) = 4 [pid 469] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 469] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 469] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 469] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 468] <... futex resumed>) = 0 [pid 469] readv(-1, [pid 468] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... readv resumed>0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 468] <... futex resumed>) = 0 [pid 469] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 0 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 468] exit_group(0 [pid 469] <... futex resumed>) = ? [pid 468] <... exit_group resumed>) = ? [pid 469] +++ exited with 0 +++ [pid 468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/file1/lost+found") = 0 umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./40/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/file0") = 0 umount2("./40/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/file1") = 0 umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./40/file1/file0") = 0 umount2("./40/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file1") = 0 umount2("./40/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file2") = 0 umount2("./40/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file3") = 0 umount2("./40/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = -1 EBUSY (Device or resource busy) [ 31.178399][ T469] EXT4-fs (loop0): Ignoring removed orlov option [ 31.184846][ T469] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 31.199142][ T469] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 472 attached , child_tidptr=0x555586eca690) = 472 [pid 472] set_robust_list(0x555586eca6a0, 24) = 0 [pid 472] chdir("./41") = 0 [pid 472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 472] setpgid(0, 0) = 0 [pid 472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 472] write(3, "1000", 4) = 4 [pid 472] close(3) = 0 [pid 472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 472] write(1, "executing program\n", 18executing program ) = 18 [pid 472] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 472] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 472] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 472] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 472] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 473] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] <... clone3 resumed> => {parent_tid=[473]}, 88) = 473 [pid 472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 472] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 473] <... futex resumed>) = 0 [pid 473] memfd_create("syzkaller", 0 [pid 472] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 473] <... memfd_create resumed>) = 3 [pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 473] munmap(0x7f55e3653000, 138412032) = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 473] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 473] close(3) = 0 [pid 473] close(4) = 0 [pid 473] mkdir("./file1", 0777) = 0 [ 31.336282][ T473] loop0: detected capacity change from 0 to 1024 [ 31.346911][ T473] EXT4-fs (loop0): Ignoring removed orlov option [ 31.353191][ T473] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 473] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 473] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 473] chdir("./file1") = 0 [pid 473] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 473] ioctl(4, LOOP_CLR_FD) = 0 [pid 473] close(4) = 0 [pid 473] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 1 [pid 473] chdir("./file0") = 0 [pid 473] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 1 [pid 473] creat("./bus", 000) = 4 [pid 473] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 1 [pid 473] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 473] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 1 [pid 473] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 473] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 1 [pid 473] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 473] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = 0 [pid 472] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 1 [pid 473] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 473] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = 0 [pid 472] exit_group(0) = ? [pid 473] <... futex resumed>) = ? [pid 473] +++ exited with 0 +++ [pid 472] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=472, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/file1/lost+found") = 0 umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./41/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/file0") = 0 umount2("./41/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/file1") = 0 umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./41/file1/file0") = 0 umount2("./41/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file1") = 0 umount2("./41/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file2") = 0 umount2("./41/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file3") = 0 umount2("./41/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = -1 EBUSY (Device or resource busy) [ 31.369103][ T473] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 477 ./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x555586eca6a0, 24) = 0 [pid 477] chdir("./42") = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] setpgid(0, 0) = 0 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 477] write(3, "1000", 4) = 4 [pid 477] close(3) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 477] write(1, "executing program\n", 18) = 18 [pid 477] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 477] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[478]}, 88) = 478 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 478] memfd_create("syzkaller", 0) = 3 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 478] munmap(0x7f55e3653000, 138412032) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 478] close(3) = 0 [pid 478] close(4) = 0 [pid 478] mkdir("./file1", 0777) = 0 [ 31.532509][ T478] loop0: detected capacity change from 0 to 1024 [pid 478] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 478] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 478] chdir("./file1") = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_CLR_FD) = 0 [pid 478] close(4) = 0 [pid 478] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] chdir("./file0") = 0 [pid 478] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] creat("./bus", 000) = 4 [pid 478] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 478] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 0 [pid 478] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 478] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 478] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 478] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] exit_group(0) = ? [pid 478] <... futex resumed>) = ? [pid 478] +++ exited with 0 +++ [pid 477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/file1/lost+found") = 0 umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./42/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/file0") = 0 umount2("./42/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/file1") = 0 umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./42/file1/file0") = 0 umount2("./42/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file1") = 0 umount2("./42/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file2") = 0 umount2("./42/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file3") = 0 umount2("./42/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = -1 EBUSY (Device or resource busy) [ 31.618334][ T478] EXT4-fs (loop0): Ignoring removed orlov option [ 31.624621][ T478] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 31.639468][ T478] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 482 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x555586eca6a0, 24) = 0 [pid 482] chdir("./43") = 0 [pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 482] setpgid(0, 0) = 0 [pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 482] write(3, "1000", 4) = 4 [pid 482] close(3) = 0 [pid 482] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 482] write(1, "executing program\n", 18) = 18 [pid 482] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 482] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[483]}, 88) = 483 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] memfd_create("syzkaller", 0) = 3 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 483] munmap(0x7f55e3653000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 483] close(3) = 0 [pid 483] close(4) = 0 [pid 483] mkdir("./file1", 0777) = 0 [ 31.770251][ T483] loop0: detected capacity change from 0 to 1024 [ 31.785777][ T483] EXT4-fs (loop0): Ignoring removed orlov option [ 31.791983][ T483] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 483] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 483] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 483] chdir("./file1") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_CLR_FD) = 0 [pid 483] close(4) = 0 [pid 483] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] chdir("./file0") = 0 [pid 483] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] creat("./bus", 000) = 4 [pid 483] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 483] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 483] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 483] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 483] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 482] exit_group(0) = ? [pid 483] +++ exited with 0 +++ [pid 482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=482, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/file1/lost+found") = 0 umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./43/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/file0") = 0 umount2("./43/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/file1") = 0 umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./43/file1/file0") = 0 umount2("./43/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file1") = 0 umount2("./43/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file2") = 0 umount2("./43/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file3") = 0 umount2("./43/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = -1 EBUSY (Device or resource busy) [ 31.809531][ T483] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 486 ./strace-static-x86_64: Process 486 attached [pid 486] set_robust_list(0x555586eca6a0, 24) = 0 [pid 486] chdir("./44") = 0 [pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 486] setpgid(0, 0) = 0 [pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 486] write(3, "1000", 4) = 4 [pid 486] close(3) = 0 [pid 486] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 486] write(1, "executing program\n", 18) = 18 [pid 486] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 486] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 487 attached => {parent_tid=[487]}, 88) = 487 [pid 487] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 487] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 486] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 487] memfd_create("syzkaller", 0 [pid 486] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 487] <... memfd_create resumed>) = 3 [pid 487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 487] munmap(0x7f55e3653000, 138412032) = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 487] close(3) = 0 [pid 487] close(4) = 0 [pid 487] mkdir("./file1", 0777) = 0 [ 31.970229][ T487] loop0: detected capacity change from 0 to 1024 [pid 487] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 487] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 487] chdir("./file1") = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 487] ioctl(4, LOOP_CLR_FD) = 0 [pid 487] close(4) = 0 [pid 487] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] <... futex resumed>) = 0 [pid 486] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... futex resumed>) = 1 [pid 487] chdir("./file0") = 0 [pid 487] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] <... futex resumed>) = 0 [pid 486] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... futex resumed>) = 1 [pid 487] creat("./bus", 000) = 4 [pid 487] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] <... futex resumed>) = 0 [pid 486] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... futex resumed>) = 1 [pid 487] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 487] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] <... futex resumed>) = 0 [pid 486] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... futex resumed>) = 1 [pid 487] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 487] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] <... futex resumed>) = 0 [pid 486] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... futex resumed>) = 1 [pid 487] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 487] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] <... futex resumed>) = 0 [pid 486] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... futex resumed>) = 1 [pid 487] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 487] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] <... futex resumed>) = 0 [pid 486] exit_group(0) = ? [pid 487] <... futex resumed>) = ? [pid 487] +++ exited with 0 +++ [pid 486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=486, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/file1/lost+found") = 0 umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./44/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/file0") = 0 umount2("./44/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/file1") = 0 umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./44/file1/file0") = 0 umount2("./44/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file1") = 0 umount2("./44/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file2") = 0 umount2("./44/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file3") = 0 umount2("./44/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = -1 EBUSY (Device or resource busy) umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 32.038392][ T487] EXT4-fs (loop0): Ignoring removed orlov option [ 32.044568][ T487] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 32.059225][ T487] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 490 ./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x555586eca6a0, 24) = 0 [pid 490] chdir("./45") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs") = 0 [pid 490] write(1, "executing program\n", 18executing program ) = 18 [pid 490] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 490] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 490] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 490] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0}./strace-static-x86_64: Process 491 attached => {parent_tid=[491]}, 88) = 491 [pid 491] set_robust_list(0x7f55eba739a0, 24 [pid 490] rt_sigprocmask(SIG_SETMASK, [], [pid 491] <... set_robust_list resumed>) = 0 [pid 490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 491] rt_sigprocmask(SIG_SETMASK, [], [pid 490] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 491] memfd_create("syzkaller", 0) = 3 [pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 491] munmap(0x7f55e3653000, 138412032) = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 491] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 491] close(3) = 0 [pid 491] close(4) = 0 [pid 491] mkdir("./file1", 0777) = 0 [ 32.129040][ T491] loop0: detected capacity change from 0 to 1024 [pid 491] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 491] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 491] chdir("./file1") = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 491] ioctl(4, LOOP_CLR_FD) = 0 [pid 491] close(4) = 0 [pid 491] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] chdir("./file0") = 0 [pid 491] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] creat("./bus", 000) = 4 [pid 491] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 491] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 491] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 491] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... futex resumed>) = 1 [pid 491] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 491] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] exit_group(0) = ? [pid 491] <... futex resumed>) = ? [pid 491] +++ exited with 0 +++ [pid 490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/file1/lost+found") = 0 umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./45/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/file0") = 0 umount2("./45/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/file1") = 0 umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./45/file1/file0") = 0 umount2("./45/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file1") = 0 umount2("./45/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file2") = 0 umount2("./45/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file3") = 0 umount2("./45/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = -1 EBUSY (Device or resource busy) [ 32.188531][ T491] EXT4-fs (loop0): Ignoring removed orlov option [ 32.194896][ T491] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 32.209034][ T491] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 494 ./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x555586eca6a0, 24) = 0 [pid 494] chdir("./46") = 0 [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 494] setpgid(0, 0) = 0 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 494] write(3, "1000", 4) = 4 [pid 494] close(3) = 0 [pid 494] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 494] write(1, "executing program\n", 18) = 18 [pid 494] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 494] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[495]}, 88) = 495 ./strace-static-x86_64: Process 495 attached [pid 494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 494] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 495] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 495] memfd_create("syzkaller", 0) = 3 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 495] munmap(0x7f55e3653000, 138412032) = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 495] close(3) = 0 [pid 495] close(4) = 0 [pid 495] mkdir("./file1", 0777) = 0 [ 32.323972][ T495] loop0: detected capacity change from 0 to 1024 [pid 495] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 495] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 495] chdir("./file1") = 0 [pid 495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 495] ioctl(4, LOOP_CLR_FD) = 0 [pid 495] close(4) = 0 [pid 495] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] chdir("./file0") = 0 [pid 495] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] creat("./bus", 000) = 4 [pid 495] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 495] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 495] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 495] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 495] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... futex resumed>) = 0 [pid 494] exit_group(0) = ? [pid 495] <... futex resumed>) = ? [pid 495] +++ exited with 0 +++ [pid 494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=494, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/file1/lost+found") = 0 umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./46/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/file0") = 0 umount2("./46/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/file1") = 0 umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./46/file1/file0") = 0 umount2("./46/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file1") = 0 umount2("./46/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file2") = 0 umount2("./46/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file3") = 0 umount2("./46/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = -1 EBUSY (Device or resource busy) [ 32.408553][ T495] EXT4-fs (loop0): Ignoring removed orlov option [ 32.414737][ T495] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 32.429097][ T495] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x555586ecb730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555586eca690) = 499 ./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x555586eca6a0, 24) = 0 [pid 499] chdir("./47") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 499] write(1, "executing program\n", 18) = 18 [pid 499] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] rt_sigaction(SIGRT_1, {sa_handler=0x7f55ebadd130, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f55ebace2e0}, NULL, 8) = 0 [pid 499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f55eba53000 [pid 499] mprotect(0x7f55eba54000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f55eba73990, parent_tid=0x7f55eba73990, exit_signal=0, stack=0x7f55eba53000, stack_size=0x20300, tls=0x7f55eba736c0} => {parent_tid=[500]}, 88) = 500 ./strace-static-x86_64: Process 500 attached [pid 499] rt_sigprocmask(SIG_SETMASK, [], [pid 500] set_robust_list(0x7f55eba739a0, 24) = 0 [pid 500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 500] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 499] <... futex resumed>) = 0 [pid 500] memfd_create("syzkaller", 0 [pid 499] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 500] <... memfd_create resumed>) = 3 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f55e3653000 [pid 500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 500] munmap(0x7f55e3653000, 138412032) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 500] close(3) = 0 [pid 500] close(4) = 0 [pid 500] mkdir("./file1", 0777) = 0 [ 32.574244][ T500] loop0: detected capacity change from 0 to 1024 [ 32.584118][ T500] EXT4-fs (loop0): Ignoring removed orlov option [ 32.590351][ T500] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [pid 500] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors="...) = 0 [pid 500] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 500] chdir("./file1") = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 500] ioctl(4, LOOP_CLR_FD) = 0 [pid 500] close(4) = 0 [pid 500] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] futex(0x7f55ebb3e6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 0 [pid 500] chdir("./file0") = 0 [pid 500] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] creat("./bus", 000) = 4 [pid 500] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 500] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_DIRECT|O_CLOEXEC) = 5 [pid 500] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] mmap(0x20000000, 8388608, PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 5, 0) = 0x20000000 [pid 500] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f55ebb3e6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f55ebb3e6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] readv(-1, 0x20001f80, 3) = -1 EBADF (Bad file descriptor) [pid 500] futex(0x7f55ebb3e6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] exit_group(0) = ? [pid 500] +++ exited with 0 +++ [pid 499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=499, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555586ecb730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0755, st_size=1024, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586ed3770 /* 8 entries */, 32768) = 240 umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/lost+found", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1/lost+found", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1/lost+found", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0700, st_size=11264, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 2 entries */, 32768) = 48 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/file1/lost+found") = 0 umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 5 newfstatat(5, "", {st_mode=S_IFDIR|0755, st_size=60, ...}, AT_EMPTY_PATH) = 0 getdents64(5, 0x555586edb7b0 /* 5 entries */, 32768) = 136 umount2("./47/file1/file0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/file0", {st_mode=S_IFREG|0755, st_size=1050, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/file0") = 0 umount2("./47/file1/file0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/file1", {st_mode=S_IFLNK|0777, st_size=39, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/file1") = 0 umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1/file0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file0/bus") = 0 getdents64(5, 0x555586edb7b0 /* 0 entries */, 32768) = 0 close(5) = 0 rmdir("./47/file1/file0") = 0 umount2("./47/file1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file1", {st_mode=S_IFREG|0755, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file1") = 0 umount2("./47/file1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file2", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file2") = 0 umount2("./47/file1/file3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file3", {st_mode=S_IFREG|0755, st_size=9000, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file3") = 0 umount2("./47/file1/file.cold", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1/file.cold", {st_mode=S_IFREG|0755, st_size=100, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/file1/file.cold") = 0 getdents64(4, 0x555586ed3770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = -1 EBUSY (Device or resource busy)