./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor151336849 <...> Warning: Permanently added '10.128.0.18' (ED25519) to the list of known hosts. execve("./syz-executor151336849", ["./syz-executor151336849"], 0x7fff825b7600 /* 10 vars */) = 0 brk(NULL) = 0x55558672f000 brk(0x55558672fd00) = 0x55558672fd00 arch_prctl(ARCH_SET_FS, 0x55558672f380) = 0 set_tid_address(0x55558672f650) = 5218 set_robust_list(0x55558672f660, 24) = 0 rseq(0x55558672fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor151336849", 4096) = 27 getrandom("\xd0\x59\x8f\xcf\xef\xb9\x07\x91", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558672fd00 brk(0x555586750d00) = 0x555586750d00 brk(0x555586751000) = 0x555586751000 mprotect(0x7fe417328000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.HGpq4r", 0700) = 0 chmod("./syzkaller.HGpq4r", 0777) = 0 chdir("./syzkaller.HGpq4r") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x55558672f660, 24) = 0 [pid 5218] <... 
clone resumed>, child_tidptr=0x55558672f650) = 5219 [pid 5219] chdir("./0") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] write(1, "executing program\n", 18executing program ) = 18 [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5219] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5219] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] close(4) = 0 [pid 5219] mkdir("./file1", 0777) = 0 [ 78.460537][ T5219] loop0: detected capacity change from 0 to 32768 [ 78.493445][ T5219] ======================================================= [ 78.493445][ T5219] WARNING: The mand mount option has been deprecated and [pid 5219] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5219] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file1") = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 78.493445][ T5219] and is ignored by this kernel. Remove the mand [ 78.493445][ T5219] option from the mount to silence this warning. 
[ 78.493445][ T5219] ======================================================= [ 78.547314][ T5219] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5219] creat("./bus", 000) = 4 [pid 5219] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5219] exit_group(0) = ? [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.959562][ T5218] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 
getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5223 attached , child_tidptr=0x55558672f650) = 5223 [pid 5223] set_robust_list(0x55558672f660, 24) = 0 [pid 5223] chdir("./1") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5223] write(1, "executing program\n", 18) = 18 [pid 5223] memfd_create("syzkaller", 0) = 3 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5223] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5223] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5223] close(3) = 0 [pid 5223] close(4) = 0 [pid 5223] mkdir("./file1", 0777) = 0 [ 79.497818][ T5223] loop0: detected capacity change from 0 to 32768 [pid 5223] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5223] openat(AT_FDCWD, "./file1", 
O_RDONLY|O_DIRECTORY) = 3 [pid 5223] chdir("./file1") = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5223] creat("./bus", 000) = 4 [ 79.564858][ T5223] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5223] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5223] exit_group(0) = ? [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 79.929576][ T5218] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x555586738730 /* 2 
entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x55558672f650) = 5226 [pid 5226] set_robust_list(0x55558672f660, 24) = 0 [pid 5226] chdir("./2") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5226] write(1, "executing program\n", 18) = 18 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5226] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5226] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file1", 0777) = 0 [ 80.487342][ T5226] loop0: detected capacity change from 0 to 32768 [pid 5226] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5226] openat(AT_FDCWD, 
"./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] chdir("./file1") = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 80.530520][ T5226] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5226] creat("./bus", 000) = 4 [pid 5226] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5226] exit_group(0) = ? [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.952598][ T5218] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, 
st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached , child_tidptr=0x55558672f650) = 5229 [pid 5229] set_robust_list(0x55558672f660, 24) = 0 [pid 5229] chdir("./3") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5229] write(1, "executing program\n", 18) = 18 [pid 5229] memfd_create("syzkaller", 0) = 3 [pid 5229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5229] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5229] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5229] close(3) = 0 [pid 5229] close(4) = 0 [pid 5229] mkdir("./file1", 0777) = 0 [ 81.509120][ T5229] loop0: detected capacity change from 0 to 32768 [pid 5229] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, 
"acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5229] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5229] chdir("./file1") = 0 [pid 5229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5229] creat("./bus", 000) = 4 [ 81.558027][ T5229] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5229] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5229] exit_group(0) = ? [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, 
st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 [ 81.977973][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached , child_tidptr=0x55558672f650) = 5233 [pid 5233] set_robust_list(0x55558672f660, 24) = 0 [pid 5233] chdir("./4") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] write(1, "executing program\n", 18executing program ) = 18 [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5233] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5233] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] close(4) = 0 [pid 5233] mkdir("./file1", 0777) = 0 [ 82.528857][ T5233] loop0: detected capacity change from 0 to 32768 [pid 5233] mount("/dev/loop0", "./file1", "ocfs2", 
MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5233] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./file1") = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5233] creat("./bus", 000) = 4 [ 82.574806][ T5233] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5233] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5233] exit_group(0) = ? [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 [ 82.987139][ T5218] ocfs2: Unmounting device (7,0) on (node local) getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached , child_tidptr=0x55558672f650) = 5236 [pid 5236] set_robust_list(0x55558672f660, 24) = 0 [pid 5236] chdir("./5") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5236] write(1, "executing program\n", 18) = 18 [pid 
5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5236] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5236] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] close(4) = 0 [pid 5236] mkdir("./file1", 0777) = 0 [ 83.463277][ T5236] loop0: detected capacity change from 0 to 32768 [pid 5236] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5236] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file1") = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5236] creat("./bus", 000) = 4 [ 83.529021][ T5236] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5236] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5236] exit_group(0) = ? 
[pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 83.949922][ T5218] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached , child_tidptr=0x55558672f650) = 5239 [pid 5239] set_robust_list(0x55558672f660, 24) = 0 [pid 5239] chdir("./6") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] 
close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5239] write(1, "executing program\n", 18) = 18 [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5239] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5239] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] close(4) = 0 [pid 5239] mkdir("./file1", 0777) = 0 [ 84.467916][ T5239] loop0: detected capacity change from 0 to 32768 [pid 5239] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5239] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./file1") = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5239] creat("./bus", 000) = 4 [ 84.515888][ T5239] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. 
[pid 5239] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5239] exit_group(0) = ? [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 84.901812][ T5218] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, 
LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5242 attached , child_tidptr=0x55558672f650) = 5242 [pid 5242] set_robust_list(0x55558672f660, 24) = 0 [pid 5242] chdir("./7") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5242] write(1, "executing program\n", 18executing program ) = 18 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5242] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5242] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] close(4) = 0 [pid 5242] mkdir("./file1", 0777) = 0 [ 85.453794][ T5242] loop0: detected capacity change from 0 to 32768 [pid 5242] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5242] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file1") = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5242] creat("./bus", 000) = 4 [ 85.506647][ T5242] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered 
data mode. [pid 5242] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5242] exit_group(0) = ? [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 85.900082][ T5218] ocfs2: Unmounting device (7,0) on (node local) rmdir("./7") = 0 
mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5245 attached , child_tidptr=0x55558672f650) = 5245 [pid 5245] set_robust_list(0x55558672f660, 24) = 0 [pid 5245] chdir("./8") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5245] write(1, "executing program\n", 18) = 18 [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5245] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5245] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] close(4) = 0 [pid 5245] mkdir("./file1", 0777) = 0 [ 86.360470][ T5245] loop0: detected capacity change from 0 to 32768 [pid 5245] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5245] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./file1") = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5245] creat("./bus", 000) = 4 [ 
86.412944][ T5245] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5245] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5245] exit_group(0) = ? [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 
rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 86.831009][ T5218] ocfs2: Unmounting device (7,0) on (node local) ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5248 attached , child_tidptr=0x55558672f650) = 5248 [pid 5248] set_robust_list(0x55558672f660, 24) = 0 [pid 5248] chdir("./9") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 86.976130][ T25] cfg80211: failed to load regulatory.db [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5248] write(1, "executing program\n", 18) = 18 [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5248] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5248] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] close(4) = 0 [pid 5248] mkdir("./file1", 0777) = 0 [ 87.301500][ T5248] loop0: detected capacity change from 0 to 32768 [pid 5248] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5248] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] 
chdir("./file1") = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5248] creat("./bus", 000) = 4 [ 87.351470][ T5248] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5248] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5248] exit_group(0) = ? [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 87.709075][ T5218] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 
0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5251 attached , child_tidptr=0x55558672f650) = 5251 [pid 5251] set_robust_list(0x55558672f660, 24) = 0 [pid 5251] chdir("./10") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] write(1, "executing program\n", 18executing program ) = 18 [pid 5251] memfd_create("syzkaller", 0) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5251] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5251] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] close(4) = 0 [pid 5251] mkdir("./file1", 0777) = 0 [ 88.304262][ T5251] loop0: detected capacity change from 0 to 32768 [pid 5251] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 
5251] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./file1") = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5251] creat("./bus", 000) = 4 [ 88.363210][ T5251] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5251] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5251] exit_group(0) = ? [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 
0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 88.793881][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5254 attached , child_tidptr=0x55558672f650) = 5254 [pid 5254] set_robust_list(0x55558672f660, 24) = 0 [pid 5254] chdir("./11") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5254] write(1, "executing program\n", 18) = 18 [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5254] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5254] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] close(4) = 0 [pid 5254] mkdir("./file1", 0777) = 0 [ 89.198500][ T5254] loop0: detected capacity change from 0 to 32768 [pid 5254] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, 
"acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5254] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file1") = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5254] creat("./bus", 000) = 4 [ 89.252738][ T5254] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5254] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5254] exit_group(0) = ? [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 [ 89.591547][ T5218] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5257 attached , child_tidptr=0x55558672f650) = 5257 [pid 5257] set_robust_list(0x55558672f660, 24) = 0 [pid 5257] chdir("./12") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] write(1, "executing program\n", 18executing program 
) = 18 [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5257] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5257] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] close(4) = 0 [pid 5257] mkdir("./file1", 0777) = 0 [ 90.060783][ T5257] loop0: detected capacity change from 0 to 32768 [pid 5257] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5257] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file1") = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 90.110430][ T5257] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5257] creat("./bus", 000) = 4 [pid 5257] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5257] exit_group(0) = ? 
[pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.492957][ T5218] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5260 attached , child_tidptr=0x55558672f650) = 5260 [pid 5260] set_robust_list(0x55558672f660, 24) = 0 [pid 5260] chdir("./13") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 
[pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5260] write(1, "executing program\n", 18) = 18 [pid 5260] memfd_create("syzkaller", 0) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5260] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5260] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5260] close(3) = 0 [pid 5260] close(4) = 0 [pid 5260] mkdir("./file1", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5260] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5260] chdir("./file1") = 0 [ 91.039143][ T5260] loop0: detected capacity change from 0 to 32768 [ 91.073911][ T5260] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. 
[pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5260] creat("./bus", 000) = 4 [pid 5260] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5260] exit_group(0) = ? [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} --- umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 
mkdir("./14", 0777) = 0 [ 91.470685][ T5218] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5263 attached , child_tidptr=0x55558672f650) = 5263 [pid 5263] set_robust_list(0x55558672f660, 24) = 0 [pid 5263] chdir("./14") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5263] write(1, "executing program\n", 18) = 18 [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5263] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5263] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] close(4) = 0 [pid 5263] mkdir("./file1", 0777) = 0 [ 91.944044][ T5263] loop0: detected capacity change from 0 to 32768 [pid 5263] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5263] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file1") = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY 
(Device or resource busy) [pid 5263] creat("./bus", 000) = 4 [ 91.998727][ T5263] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5263] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5263] exit_group(0) = ? [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 92.387543][ T5218] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 
rmdir("./14/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5266 attached , child_tidptr=0x55558672f650) = 5266 [pid 5266] set_robust_list(0x55558672f660, 24) = 0 [pid 5266] chdir("./15") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5266] write(1, "executing program\n", 18) = 18 [pid 5266] memfd_create("syzkaller", 0) = 3 [pid 5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5266] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5266] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5266] close(3) = 0 [pid 5266] close(4) = 0 [pid 5266] mkdir("./file1", 0777) = 0 [pid 5266] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5266] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 92.948588][ T5266] loop0: detected capacity change from 0 to 32768 [ 92.988247][ T5266] ocfs2: Mounting device (7,0) on 
(node local, slot 0) with ordered data mode. [pid 5266] chdir("./file1") = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5266] creat("./bus", 000) = 4 [pid 5266] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5266] exit_group(0) = ? [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=32 /* 0.32 s */} --- umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 93.403476][ T5218] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 
32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached , child_tidptr=0x55558672f650) = 5269 [pid 5269] set_robust_list(0x55558672f660, 24) = 0 [pid 5269] chdir("./16") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5269] write(1, "executing program\n", 18) = 18 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5269] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5269] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] close(4) = 0 [pid 5269] mkdir("./file1", 0777) = 0 [ 93.938063][ T5269] loop0: detected capacity change from 0 to 32768 [pid 5269] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5269] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./file1") 
= 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5269] creat("./bus", 000) = 4 [ 93.984214][ T5269] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5269] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5269] exit_group(0) = ? [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 
entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 [ 94.359338][ T5218] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5272 attached , child_tidptr=0x55558672f650) = 5272 [pid 5272] set_robust_list(0x55558672f660, 24) = 0 [pid 5272] chdir("./17") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] write(1, "executing program\n", 18executing program ) = 18 [pid 5272] memfd_create("syzkaller", 0) = 3 [pid 5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5272] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5272] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5272] close(3) = 0 [pid 5272] close(4) = 0 [pid 5272] mkdir("./file1", 0777) = 0 [ 94.807586][ T5272] loop0: detected capacity change from 0 to 32768 [pid 5272] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5272] 
openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5272] chdir("./file1") = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5272] creat("./bus", 000) = 4 [ 94.851317][ T5272] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5272] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5272] exit_group(0) = ? [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 
getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 95.214445][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached , child_tidptr=0x55558672f650) = 5275 [pid 5275] set_robust_list(0x55558672f660, 24) = 0 [pid 5275] chdir("./18") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5275] write(1, "executing program\n", 18) = 18 [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5275] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5275] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] close(4) = 0 [pid 5275] mkdir("./file1", 0777) = 0 [ 95.606385][ T5275] loop0: detected capacity change from 0 to 32768 [pid 5275] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, 
"acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5275] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./file1") = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5275] creat("./bus", 000) = 4 [ 95.657229][ T5275] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5275] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5275] exit_group(0) = ? [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 96.057277][ T5218] ocfs2: Unmounting device (7,0) on (node local) umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x55558672f650) = 5278 [pid 5278] set_robust_list(0x55558672f660, 24) = 0 [pid 5278] chdir("./19") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5278] write(1, "executing program\n", 
18) = 18 [pid 5278] memfd_create("syzkaller", 0) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5278] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5278] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] close(4) = 0 [pid 5278] mkdir("./file1", 0777) = 0 [ 96.638797][ T5278] loop0: detected capacity change from 0 to 32768 [pid 5278] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5278] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./file1") = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5278] creat("./bus", 000) = 4 [ 96.683987][ T5278] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5278] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5278] exit_group(0) = ? 
[pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} --- umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 [ 97.079903][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5281 attached , child_tidptr=0x55558672f650) = 5281 [pid 5281] set_robust_list(0x55558672f660, 24) = 0 [pid 5281] chdir("./20") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 
[pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5281] write(1, "executing program\n", 18) = 18 [pid 5281] memfd_create("syzkaller", 0) = 3 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5281] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5281] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5281] close(3) = 0 [pid 5281] close(4) = 0 [pid 5281] mkdir("./file1", 0777) = 0 [ 97.596028][ T5281] loop0: detected capacity change from 0 to 32768 [pid 5281] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5281] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5281] chdir("./file1") = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5281] creat("./bus", 000) = 4 [ 97.640495][ T5281] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. 
[ 97.699981][ T5281] [ 97.702448][ T5281] ====================================================== [ 97.709502][ T5281] WARNING: possible circular locking dependency detected [ 97.716641][ T5281] 6.11.0-syzkaller-10045-g97d8894b6f4c #0 Not tainted [ 97.723411][ T5281] ------------------------------------------------------ [ 97.730451][ T5281] syz-executor151/5281 is trying to acquire lock: [ 97.736884][ T5281] ffff8880213e95a8 (&osb->system_file_mutex){+.+.}-{3:3}, at: ocfs2_get_system_file_inode+0x18f/0x7b0 [ 97.747980][ T5281] [ 97.747980][ T5281] but task is already holding lock: [ 97.755365][ T5281] ffff88804df594a0 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_write_begin+0x1d1/0x3a0 [ 97.766001][ T5281] [ 97.766001][ T5281] which lock already depends on the new lock. [ 97.766001][ T5281] [ 97.776511][ T5281] [ 97.776511][ T5281] the existing dependency chain (in reverse order) is: [ 97.785902][ T5281] [ 97.785902][ T5281] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}: [ 97.794708][ T5281] lock_acquire+0x1ed/0x550 [ 97.799955][ T5281] down_read+0xb1/0xa40 [ 97.804751][ T5281] ocfs2_read_virt_blocks+0x2ca/0xa50 [ 97.810753][ T5281] ocfs2_find_entry+0x43b/0x2780 [ 97.816483][ T5281] ocfs2_find_files_on_disk+0xff/0x360 [ 97.822659][ T5281] ocfs2_lookup_ino_from_name+0xb1/0x1e0 [ 97.828836][ T5281] ocfs2_get_system_file_inode+0x305/0x7b0 [ 97.835281][ T5281] ocfs2_init_global_system_inodes+0x32c/0x730 [ 97.842141][ T5281] ocfs2_fill_super+0x2f47/0x5750 [ 97.847731][ T5281] mount_bdev+0x20a/0x2d0 [ 97.852623][ T5281] legacy_get_tree+0xee/0x190 [ 97.857837][ T5281] vfs_get_tree+0x90/0x2b0 [ 97.862835][ T5281] do_new_mount+0x2be/0xb40 [ 97.868045][ T5281] __se_sys_mount+0x2d6/0x3c0 [ 97.873425][ T5281] do_syscall_64+0xf3/0x230 [ 97.879056][ T5281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.885490][ T5281] [ 97.885490][ T5281] -> #0 (&osb->system_file_mutex){+.+.}-{3:3}: [ 97.893947][ T5281] validate_chain+0x18ef/0x5920 [ 97.899437][ T5281] 
__lock_acquire+0x1384/0x2050 [ 97.904822][ T5281] lock_acquire+0x1ed/0x550 [ 97.910217][ T5281] __mutex_lock+0x136/0xd70 [ 97.915338][ T5281] ocfs2_get_system_file_inode+0x18f/0x7b0 [ 97.921687][ T5281] ocfs2_reserve_local_alloc_bits+0x107/0x2870 [ 97.928832][ T5281] ocfs2_reserve_clusters_with_limit+0x1b8/0xb60 [ 97.935703][ T5281] ocfs2_lock_allocators+0x30a/0x630 [ 97.941513][ T5281] ocfs2_write_begin_nolock+0x26f2/0x4ec0 [ 97.947799][ T5281] ocfs2_write_begin+0x205/0x3a0 [ 97.953270][ T5281] generic_perform_write+0x344/0x6d0 [ 97.959094][ T5281] ocfs2_file_write_iter+0x17b1/0x1f50 [ 97.965180][ T5281] vfs_write+0xa6d/0xc90 [ 97.970489][ T5281] ksys_write+0x183/0x2b0 [ 97.975370][ T5281] do_syscall_64+0xf3/0x230 [ 97.980507][ T5281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.987379][ T5281] [ 97.987379][ T5281] other info that might help us debug this: [ 97.987379][ T5281]
[ 97.997713][ T5281] Possible unsafe locking scenario:
[ 97.997713][ T5281]
[ 98.005641][ T5281]        CPU0                    CPU1
[ 98.011008][ T5281]        ----                    ----
[ 98.016384][ T5281]   lock(&ocfs2_file_ip_alloc_sem_key);
[ 98.022348][ T5281]                                lock(&osb->system_file_mutex);
[ 98.029999][ T5281]                                lock(&ocfs2_file_ip_alloc_sem_key);
[ 98.038084][ T5281]   lock(&osb->system_file_mutex);
[ 98.043207][ T5281]
[ 98.043207][ T5281] *** DEADLOCK ***
[ 98.043207][ T5281] [ 98.051360][ T5281] 3 locks held by syz-executor151/5281: [ 98.056923][ T5281] #0: ffff888031112420 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 [ 98.065823][ T5281] #1: ffff88804df59800 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: ocfs2_file_write_iter+0x467/0x1f50 [ 98.077337][ T5281] #2: ffff88804df594a0 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_write_begin+0x1d1/0x3a0 [ 98.088340][ T5281] [ 98.088340][ T5281] stack backtrace: [ 98.094257][ T5281] CPU: 0 UID: 0 PID: 5281 Comm: syz-executor151 Not tainted 6.11.0-syzkaller-10045-g97d8894b6f4c #0 [ 98.105039][ T5281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
Google 08/06/2024 [ 98.115108][ T5281] Call Trace: [ 98.118396][ T5281] [ 98.121340][ T5281] dump_stack_lvl+0x241/0x360 [ 98.126023][ T5281] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.131220][ T5281] ? __pfx__printk+0x10/0x10 [ 98.135836][ T5281] print_circular_bug+0x13a/0x1b0 [ 98.141070][ T5281] check_noncircular+0x36a/0x4a0 [ 98.146431][ T5281] ? __pfx_check_noncircular+0x10/0x10 [ 98.151994][ T5281] ? lockdep_lock+0x123/0x2b0 [ 98.156707][ T5281] ? __ocfs2_journal_access+0x64c/0x8a0 [ 98.162333][ T5281] ? __pfx_lock_release+0x10/0x10 [ 98.167410][ T5281] validate_chain+0x18ef/0x5920 [ 98.172416][ T5281] ? __bfs+0x368/0x6f0 [ 98.176560][ T5281] ? __pfx_validate_chain+0x10/0x10 [ 98.181798][ T5281] ? validate_chain+0x11e/0x5920 [ 98.186773][ T5281] ? rcu_is_watching+0x15/0xb0 [ 98.191927][ T5281] ? lock_release+0xbf/0xa30 [ 98.196535][ T5281] ? __pfx_validate_chain+0x10/0x10 [ 98.201855][ T5281] ? deref_stack_reg+0x17c/0x210 [ 98.206823][ T5281] ? __pfx_lock_release+0x10/0x10 [ 98.211879][ T5281] ? mark_lock+0x9a/0x360 [ 98.216213][ T5281] ? deref_stack_reg+0x17c/0x210 [ 98.221194][ T5281] __lock_acquire+0x1384/0x2050 [ 98.226062][ T5281] lock_acquire+0x1ed/0x550 [ 98.230712][ T5281] ? ocfs2_get_system_file_inode+0x18f/0x7b0 [ 98.236763][ T5281] ? __pfx_lock_acquire+0x10/0x10 [ 98.242128][ T5281] ? __pfx___might_resched+0x10/0x10 [ 98.247445][ T5281] __mutex_lock+0x136/0xd70 [ 98.252440][ T5281] ? ocfs2_get_system_file_inode+0x18f/0x7b0 [ 98.258546][ T5281] ? __pfx_lock_acquire+0x10/0x10 [ 98.263764][ T5281] ? ocfs2_get_system_file_inode+0x141/0x7b0 [ 98.269767][ T5281] ? ocfs2_get_system_file_inode+0x18f/0x7b0 [ 98.275780][ T5281] ? __pfx_lock_release+0x10/0x10 [ 98.281119][ T5281] ? __pfx___mutex_lock+0x10/0x10 [ 98.286192][ T5281] ? do_raw_spin_unlock+0x13c/0x8b0 [ 98.291415][ T5281] ocfs2_get_system_file_inode+0x18f/0x7b0 [ 98.297357][ T5281] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10 [ 98.303718][ T5281] ? __pfx_validate_chain+0x10/0x10 [ 98.309049][ T5281] ? 
kernel_text_address+0xa7/0xe0 [ 98.314208][ T5281] ? __kernel_text_address+0xd/0x40 [ 98.319428][ T5281] ? unwind_get_return_address+0x4d/0x90 [ 98.325195][ T5281] ? arch_stack_walk+0xfd/0x150 [ 98.330339][ T5281] ocfs2_reserve_local_alloc_bits+0x107/0x2870 [ 98.336538][ T5281] ? ocfs2_buffer_cached+0x47e/0x840 [ 98.341841][ T5281] ? mark_lock+0x9a/0x360 [ 98.346185][ T5281] ? __lock_acquire+0x1384/0x2050 [ 98.351241][ T5281] ? __pfx_ocfs2_reserve_local_alloc_bits+0x10/0x10 [ 98.357855][ T5281] ? __pfx_lock_acquire+0x10/0x10 [ 98.362984][ T5281] ? ocfs2_alloc_should_use_local+0x155/0x320 [ 98.369068][ T5281] ? __pfx_lock_release+0x10/0x10 [ 98.374108][ T5281] ? do_raw_spin_lock+0x14f/0x370 [ 98.379154][ T5281] ? do_raw_spin_unlock+0x13c/0x8b0 [ 98.384371][ T5281] ? _raw_spin_unlock+0x28/0x50 [ 98.389335][ T5281] ? ocfs2_alloc_should_use_local+0x155/0x320 [ 98.395517][ T5281] ocfs2_reserve_clusters_with_limit+0x1b8/0xb60 [ 98.401866][ T5281] ? mark_lock+0x9a/0x360 [ 98.406318][ T5281] ? __pfx_ocfs2_reserve_clusters_with_limit+0x10/0x10 [ 98.413194][ T5281] ? rcu_is_watching+0x15/0xb0 [ 98.417987][ T5281] ? ocfs2_num_free_extents+0x3b8/0x6e0 [ 98.423566][ T5281] ? __pfx_ocfs2_num_free_extents+0x10/0x10 [ 98.429572][ T5281] ocfs2_lock_allocators+0x30a/0x630 [ 98.434863][ T5281] ? __pfx_ocfs2_lock_allocators+0x10/0x10 [ 98.440710][ T5281] ? ocfs2_write_begin_nolock+0x114c/0x4ec0 [ 98.446630][ T5281] ? rcu_is_watching+0x15/0xb0 [ 98.451473][ T5281] ? ocfs2_write_begin_nolock+0x114c/0x4ec0 [ 98.457482][ T5281] ? kfree+0x4e/0x440 [ 98.461471][ T5281] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 98.467042][ T5281] ocfs2_write_begin_nolock+0x26f2/0x4ec0 [ 98.472811][ T5281] ? __pfx_ocfs2_write_begin_nolock+0x10/0x10 [ 98.478905][ T5281] ? __pfx_lock_acquire+0x10/0x10 [ 98.483941][ T5281] ? mark_lock+0x9a/0x360 [ 98.488277][ T5281] ? __lock_acquire+0x1384/0x2050 [ 98.493344][ T5281] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ 98.499680][ T5281] ? 
__pfx_lock_acquire+0x10/0x10 [ 98.504825][ T5281] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 98.511181][ T5281] ? __pfx___might_resched+0x10/0x10 [ 98.516982][ T5281] ? irqentry_exit+0x63/0x90 [ 98.521691][ T5281] ? irqentry_exit+0x63/0x90 [ 98.526391][ T5281] ? exc_page_fault+0x590/0x8c0 [ 98.531270][ T5281] ? down_write+0x18c/0x220 [ 98.535782][ T5281] ? __pfx_down_write+0x10/0x10 [ 98.540686][ T5281] ocfs2_write_begin+0x205/0x3a0 [ 98.545928][ T5281] ? __pfx_ocfs2_write_begin+0x10/0x10 [ 98.551407][ T5281] ? fault_in_iov_iter_readable+0x229/0x280 [ 98.557411][ T5281] generic_perform_write+0x344/0x6d0 [ 98.562707][ T5281] ? __pfx_generic_perform_write+0x10/0x10 [ 98.568534][ T5281] ? __generic_file_write_iter+0x102/0x230 [ 98.574429][ T5281] ? ocfs2_file_write_iter+0x1790/0x1f50 [ 98.580087][ T5281] ocfs2_file_write_iter+0x17b1/0x1f50 [ 98.585595][ T5281] ? __pfx_ocfs2_file_write_iter+0x10/0x10 [ 98.591447][ T5281] ? __pfx_lock_acquire+0x10/0x10 [ 98.596627][ T5281] ? rcu_read_lock_any_held+0xb7/0x160 [ 98.602154][ T5281] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 98.608089][ T5281] vfs_write+0xa6d/0xc90 [ 98.612459][ T5281] ? __pfx_ocfs2_file_write_iter+0x10/0x10 [ 98.618723][ T5281] ? __pfx_vfs_write+0x10/0x10 [ 98.624193][ T5281] ? _raw_spin_unlock_irq+0x2e/0x50 [ 98.629417][ T5281] ? fdget_pos+0x265/0x320 [ 98.633840][ T5281] ksys_write+0x183/0x2b0 [ 98.638376][ T5281] ? __pfx_ksys_write+0x10/0x10 [ 98.643351][ T5281] ? exc_page_fault+0x590/0x8c0 [ 98.648371][ T5281] do_syscall_64+0xf3/0x230 [ 98.652890][ T5281] ? 
clear_bhb_loop+0x35/0x90 [ 98.657691][ T5281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.663626][ T5281] RIP: 0033:0x7fe4172b0169 [ 98.668074][ T5281] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 98.688764][ T5281] RSP: 002b:00007ffc715bf6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 98.697189][ T5281] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe4172b0169 [ 98.705178][ T5281] RDX: 000000000f642e7e RSI: 0000000020000200 RDI: 0000000000000004 [ 98.713167][ T5281] RBP: 00000000ffffffff R08: 00000000000008c0 R09: 00000000000008c0 [ 98.721145][ T5281] R10: 0000000000004430 R11: 0000000000000246 R12: 00007ffc715bf730 [ 98.729146][ T5281] R13: 00007ffc715bf770 R14: 0000000001000000 R15: 0000000000000003 [ 98.737145][ T5281] [pid 5281] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5281] exit_group(0) = ? [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 99.046113][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached , child_tidptr=0x55558672f650) = 5284 [pid 5284] set_robust_list(0x55558672f660, 24) = 0 [pid 5284] chdir("./21") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5284] write(1, "executing program\n", 
18) = 18 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5284] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5284] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] close(4) = 0 [pid 5284] mkdir("./file1", 0777) = 0 [ 99.333669][ T5284] loop0: detected capacity change from 0 to 32768 [pid 5284] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5284] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./file1") = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5284] creat("./bus", 000) = 4 [ 99.383193][ T5284] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5284] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5284] exit_group(0) = ? 
[pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 99.693634][ T5218] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached , child_tidptr=0x55558672f650) = 5287 [pid 5287] set_robust_list(0x55558672f660, 24) = 0 [pid 5287] chdir("./22") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 
[pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5287] write(1, "executing program\n", 18) = 18 [pid 5287] memfd_create("syzkaller", 0) = 3 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5287] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5287] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5287] close(3) = 0 [pid 5287] close(4) = 0 [pid 5287] mkdir("./file1", 0777) = 0 [pid 5287] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5287] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5287] chdir("./file1") = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5287] creat("./bus", 000) = 4 [ 100.186639][ T5287] loop0: detected capacity change from 0 to 32768 [ 100.222215][ T5287] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. 
[pid 5287] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5287] exit_group(0) = ? [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 100.535529][ T5218] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 
3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x55558672f660, 24 [pid 5218] <... clone resumed>, child_tidptr=0x55558672f650) = 5290 [pid 5290] <... set_robust_list resumed>) = 0 [pid 5290] chdir("./23") = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] setpgid(0, 0) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5290] write(3, "1000", 4) = 4 [pid 5290] close(3) = 0 [pid 5290] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5290] write(1, "executing program\n", 18) = 18 [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5290] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5290] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] close(4) = 0 [pid 5290] mkdir("./file1", 0777) = 0 [pid 5290] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file1") = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 100.963909][ T5290] loop0: detected capacity change from 0 to 32768 [ 100.983905][ T5290] ocfs2: Mounting 
device (7,0) on (node local, slot 0) with ordered data mode. [pid 5290] creat("./bus", 000) = 4 [pid 5290] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5290] exit_group(0) = ? [pid 5290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 
0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 101.352499][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached , child_tidptr=0x55558672f650) = 5293 [pid 5293] set_robust_list(0x55558672f660, 24) = 0 [pid 5293] chdir("./24") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] write(1, "executing program\n", 18executing program ) = 18 [pid 5293] memfd_create("syzkaller", 0) = 3 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5293] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5293] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5293] close(3) = 0 [pid 5293] close(4) = 0 [pid 5293] mkdir("./file1", 0777) = 0 [ 101.665368][ T5293] loop0: detected capacity change from 0 to 32768 [pid 5293] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5293] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5293] chdir("./file1") = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", 
O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5293] creat("./bus", 000) = 4 [ 101.716789][ T5293] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5293] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5293] exit_group(0) = ? [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 102.050275][ T5218] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 
getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5296 attached , child_tidptr=0x55558672f650) = 5296 [pid 5296] set_robust_list(0x55558672f660, 24) = 0 [pid 5296] chdir("./25") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5296] write(1, "executing program\n", 18) = 18 [pid 5296] memfd_create("syzkaller", 0) = 3 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5296] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5296] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5296] close(3) = 0 [pid 5296] close(4) = 0 [pid 5296] mkdir("./file1", 0777) = 0 [ 102.422284][ T5296] loop0: detected capacity change from 0 to 32768 [pid 5296] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5296] openat(AT_FDCWD, "./file1", 
O_RDONLY|O_DIRECTORY) = 3 [pid 5296] chdir("./file1") = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5296] creat("./bus", 000) = 4 [ 102.474358][ T5296] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5296] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5296] exit_group(0) = ? [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 102.776682][ T5218] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 
0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5300 attached , child_tidptr=0x55558672f650) = 5300 [pid 5300] set_robust_list(0x55558672f660, 24) = 0 [pid 5300] chdir("./26") = 0 [pid 5300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5300] setpgid(0, 0) = 0 [pid 5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5300] write(3, "1000", 4) = 4 [pid 5300] close(3) = 0 [pid 5300] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5300] write(1, "executing program\n", 18) = 18 [pid 5300] memfd_create("syzkaller", 0) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5300] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5300] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] close(4) = 0 [pid 5300] mkdir("./file1", 0777) = 0 [ 103.228772][ T5300] loop0: detected capacity change from 0 to 32768 [pid 5300] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 
[pid 5300] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./file1") = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5300] creat("./bus", 000) = 4 [ 103.273334][ T5300] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5300] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5300] exit_group(0) = ? [pid 5300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 103.588728][ T5218] ocfs2: Unmounting device (7,0) on (node local) 
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached , child_tidptr=0x55558672f650) = 5305 [pid 5305] set_robust_list(0x55558672f660, 24) = 0 [pid 5305] chdir("./27") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5305] write(1, "executing program\n", 18) = 18 [pid 5305] memfd_create("syzkaller", 0) = 3 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5305] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5305] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5305] close(3) = 0 [pid 5305] close(4) = 0 [pid 5305] mkdir("./file1", 0777) = 0 [ 104.027852][ T5305] loop0: detected capacity change from 0 to 32768 [pid 5305] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, 
"acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5305] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5305] chdir("./file1") = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5305] creat("./bus", 000) = 4 [ 104.082681][ T5305] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5305] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5305] exit_group(0) = ? [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", 
{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 104.358981][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5310 attached [pid 5310] set_robust_list(0x55558672f660, 24 [pid 5218] <... clone resumed>, child_tidptr=0x55558672f650) = 5310 [pid 5310] <... set_robust_list resumed>) = 0 [pid 5310] chdir("./28") = 0 [pid 5310] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5310] setpgid(0, 0) = 0 [pid 5310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5310] write(3, "1000", 4) = 4 [pid 5310] close(3) = 0 [pid 5310] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5310] write(1, "executing program\n", 18) = 18 [pid 5310] memfd_create("syzkaller", 0) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5310] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5310] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] close(4) = 0 [pid 5310] mkdir("./file1", 0777) = 0 [ 104.666740][ T5310] loop0: detected 
capacity change from 0 to 32768 [pid 5310] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5310] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5310] chdir("./file1") = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5310] creat("./bus", 000) = 4 [ 104.714432][ T5310] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5310] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5310] exit_group(0) = ? [pid 5310] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5310, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... 
resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 105.001272][ T5218] ocfs2: Unmounting device (7,0) on (node local) getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5314 attached [pid 5314] set_robust_list(0x55558672f660, 24 [pid 5218] <... clone resumed>, child_tidptr=0x55558672f650) = 5314 [pid 5314] <... 
set_robust_list resumed>) = 0 [pid 5314] chdir("./29") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] write(1, "executing program\n", 18executing program ) = 18 [pid 5314] memfd_create("syzkaller", 0) = 3 [pid 5314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5314] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5314] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5314] close(3) = 0 [pid 5314] close(4) = 0 [pid 5314] mkdir("./file1", 0777) = 0 [ 105.445027][ T5314] loop0: detected capacity change from 0 to 32768 [pid 5314] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5314] chdir("./file1") = 0 [pid 5314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5314] creat("./bus", 000) = 4 [ 105.487385][ T5314] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. 
[pid 5314] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5314] exit_group(0) = ? [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, 
LOOP_CLR_FD) = 0 [ 105.679900][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x55558672f660, 24 [pid 5218] <... clone resumed>, child_tidptr=0x55558672f650) = 5317 [pid 5317] <... set_robust_list resumed>) = 0 [pid 5317] chdir("./30") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5317] write(1, "executing program\n", 18) = 18 [pid 5317] memfd_create("syzkaller", 0) = 3 [pid 5317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5317] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5317] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5317] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5317] close(3) = 0 [pid 5317] close(4) = 0 [pid 5317] mkdir("./file1", 0777) = 0 [ 105.964278][ T5317] loop0: detected capacity change from 0 to 32768 [pid 5317] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5317] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5317] chdir("./file1") = 0 [pid 5317] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY 
(Device or resource busy) [pid 5317] creat("./bus", 000) = 4 [ 106.022819][ T5317] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5317] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5317] exit_group(0) = ? [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 106.346884][ T5218] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 
rmdir("./30/file1") = 0 getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5321 attached , child_tidptr=0x55558672f650) = 5321 [pid 5321] set_robust_list(0x55558672f660, 24) = 0 [pid 5321] chdir("./31") = 0 [pid 5321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5321] setpgid(0, 0) = 0 [pid 5321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5321] write(3, "1000", 4) = 4 [pid 5321] close(3) = 0 [pid 5321] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5321] write(1, "executing program\n", 18) = 18 [pid 5321] memfd_create("syzkaller", 0) = 3 [pid 5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5321] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5321] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5321] close(3) = 0 [pid 5321] close(4) = 0 [pid 5321] mkdir("./file1", 0777) = 0 [ 106.834579][ T5321] loop0: detected capacity change from 0 to 32768 [pid 5321] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5321] chdir("./file1") = 0 [pid 5321] 
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5321] creat("./bus", 000) = 4 [ 106.882731][ T5321] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5321] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5321] exit_group(0) = ? [pid 5321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5321, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555867306f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555586738730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555586738730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 
getdents64(3, 0x5555867306f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 107.206455][ T5218] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5324 attached [pid 5324] set_robust_list(0x55558672f660, 24 [pid 5218] <... clone resumed>, child_tidptr=0x55558672f650) = 5324 [pid 5324] <... set_robust_list resumed>) = 0 [pid 5324] chdir("./32") = 0 [pid 5324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5324] setpgid(0, 0) = 0 [pid 5324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5324] write(3, "1000", 4) = 4 [pid 5324] close(3) = 0 [pid 5324] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5324] write(1, "executing program\n", 18) = 18 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe40ee00000 [pid 5324] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5324] munmap(0x7fe40ee00000, 138412032) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] close(4) = 0 [pid 5324] mkdir("./file1", 0777) = 0 [ 107.507916][ T5324] loop0: detected capacity change from 0 to 32768 [pid 5324] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 
[pid 5324] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./file1") = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5324] creat("./bus", 000) = 4 [ 107.561080][ T5324] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5324] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5324] exit_group(0) = ? [pid 5324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5324, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0