./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor54566285 <...> Warning: Permanently added '10.128.0.193' (ED25519) to the list of known hosts. execve("./syz-executor54566285", ["./syz-executor54566285"], 0x7ffcc39d9740 /* 10 vars */) = 0 brk(NULL) = 0x55556eab9000 brk(0x55556eab9d00) = 0x55556eab9d00 arch_prctl(ARCH_SET_FS, 0x55556eab9380) = 0 set_tid_address(0x55556eab9650) = 5073 set_robust_list(0x55556eab9660, 24) = 0 rseq(0x55556eab9ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor54566285", 4096) = 26 getrandom("\x7d\xc1\x8a\x65\x86\xc5\xa8\x23", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556eab9d00 brk(0x55556eadad00) = 0x55556eadad00 brk(0x55556eadb000) = 0x55556eadb000 mprotect(0x7fc7c037f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.CCz9Vl", 0700) = 0 chmod("./syzkaller.CCz9Vl", 0777) = 0 chdir("./syzkaller.CCz9Vl") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached , child_tidptr=0x55556eab9650) = 5074 [pid 5074] set_robust_list(0x55556eab9660, 24) = 0 [pid 5074] chdir("./0") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] memfd_create("syzkaller", 0) = 3 [pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5074] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5074] close(3) = 0 [pid 5074] close(4) = 0 [pid 5074] mkdir("./file1", 0777) = 0 [ 108.281949][ T5074] loop0: detected capacity change from 0 to 1024 [ 108.310541][ T5074] EXT4-fs: Ignoring removed oldalloc option [pid 5074] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5074] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5074] chdir("./file1") = 0 [pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5074] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5074] write(4, "\xe0", 1) = 1 [ 108.345086][ T5074] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5074] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5074] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5074] exit_group(0) = ? [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 108.509740][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached , child_tidptr=0x55556eab9650) = 5080 [pid 5080] set_robust_list(0x55556eab9660, 24) = 0 [pid 5080] chdir("./1") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5080] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5080] close(3) = 0 [pid 5080] close(4) = 0 [pid 5080] mkdir("./file1", 0777) = 0 [ 108.751063][ T5080] loop0: detected capacity change from 0 to 1024 [ 108.784451][ T5080] EXT4-fs: Ignoring removed oldalloc option [pid 5080] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5080] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file1") = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5080] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5080] write(4, "\xe0", 1) = 1 [pid 5080] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5080] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5080] exit_group(0) = ? [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 108.814092][ T5080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 108.897570][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x55556eab9650) = 5083 [pid 5083] set_robust_list(0x55556eab9660, 24) = 0 [pid 5083] chdir("./2") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5083] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] close(4) = 0 [pid 5083] mkdir("./file1", 0777) = 0 [ 109.131676][ T5083] loop0: detected capacity change from 0 to 1024 [ 109.167265][ T5083] EXT4-fs: Ignoring removed oldalloc option [pid 5083] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file1") = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5083] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5083] write(4, "\xe0", 1) = 1 [ 109.192227][ T5083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5083] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5083] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 109.296561][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached , child_tidptr=0x55556eab9650) = 5086 [pid 5086] set_robust_list(0x55556eab9660, 24) = 0 [pid 5086] chdir("./3") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5086] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] close(3) = 0 [pid 5086] close(4) = 0 [pid 5086] mkdir("./file1", 0777) = 0 [ 109.483487][ T5086] loop0: detected capacity change from 0 to 1024 [ 109.521510][ T5086] EXT4-fs: Ignoring removed oldalloc option [pid 5086] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file1") = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5086] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5086] write(4, "\xe0", 1) = 1 [pid 5086] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 109.553055][ T5086] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5086] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5086] exit_group(0) = ? [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 [ 109.692666][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached , child_tidptr=0x55556eab9650) = 5089 [pid 5089] set_robust_list(0x55556eab9660, 24) = 0 [pid 5089] chdir("./4") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5089] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] close(4) = 0 [pid 5089] mkdir("./file1", 0777) = 0 [pid 5089] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5089] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file1") = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5089] write(4, "\xe0", 1) = 1 [ 109.957523][ T5089] loop0: detected capacity change from 0 to 1024 [ 109.975255][ T5089] EXT4-fs: Ignoring removed oldalloc option [ 109.995049][ T5089] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5089] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5089] exit_group(0) = ? [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 [ 110.107900][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x55556eab9650) = 5092 [pid 5092] set_robust_list(0x55556eab9660, 24) = 0 [pid 5092] chdir("./5") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] memfd_create("syzkaller", 0) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5092] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5092] close(3) = 0 [pid 5092] close(4) = 0 [pid 5092] mkdir("./file1", 0777) = 0 [ 110.343291][ T5092] loop0: detected capacity change from 0 to 1024 [pid 5092] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file1") = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5092] write(4, "\xe0", 1) = 1 [pid 5092] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5092] exit_group(0) = ? [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 110.387423][ T5092] EXT4-fs: Ignoring removed oldalloc option [ 110.414156][ T5092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 110.510326][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556eab9650) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x55556eab9660, 24) = 0 [pid 5095] chdir("./6") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5095] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] close(4) = 0 [pid 5095] mkdir("./file1", 0777) = 0 [ 110.736811][ T5095] loop0: detected capacity change from 0 to 1024 [ 110.764474][ T5095] EXT4-fs: Ignoring removed oldalloc option [pid 5095] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5095] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./file1") = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5095] write(4, "\xe0", 1) = 1 [pid 5095] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5095] exit_group(0) = ? [ 110.783345][ T5095] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 [ 110.926590][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x55556eab9660, 24) = 0 [pid 5073] <... clone resumed>, child_tidptr=0x55556eab9650) = 5098 [pid 5098] chdir("./7") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] memfd_create("syzkaller", 0) = 3 [pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5098] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5098] close(3) = 0 [pid 5098] close(4) = 0 [pid 5098] mkdir("./file1", 0777) = 0 [ 111.108801][ T5098] loop0: detected capacity change from 0 to 1024 [ 111.135045][ T5098] EXT4-fs: Ignoring removed oldalloc option [pid 5098] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5098] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5098] chdir("./file1") = 0 [pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5098] write(4, "\xe0", 1) = 1 [pid 5098] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 111.175895][ T5098] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 111.243661][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached , child_tidptr=0x55556eab9650) = 5102 [pid 5102] set_robust_list(0x55556eab9660, 24) = 0 [pid 5102] chdir("./8") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5102] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] close(4) = 0 [pid 5102] mkdir("./file1", 0777) = 0 [ 111.445258][ T5102] loop0: detected capacity change from 0 to 1024 [ 111.468260][ T5102] EXT4-fs: Ignoring removed oldalloc option [pid 5102] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file1") = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 111.494751][ T5102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5102] write(4, "\xe0", 1) = 1 [pid 5102] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 [ 111.628739][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached , child_tidptr=0x55556eab9650) = 5105 [pid 5105] set_robust_list(0x55556eab9660, 24) = 0 [pid 5105] chdir("./9") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5105] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] close(4) = 0 [pid 5105] mkdir("./file1", 0777) = 0 [ 111.879955][ T5105] loop0: detected capacity change from 0 to 1024 [ 111.919621][ T5105] EXT4-fs: Ignoring removed oldalloc option [pid 5105] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5105] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file1") = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 111.952849][ T5105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5105] write(4, "\xe0", 1) = 1 [pid 5105] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5105] exit_group(0) = ? [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 [ 112.078055][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached , child_tidptr=0x55556eab9650) = 5108 [pid 5108] set_robust_list(0x55556eab9660, 24) = 0 [pid 5108] chdir("./10") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] memfd_create("syzkaller", 0) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5108] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] close(4) = 0 [pid 5108] mkdir("./file1", 0777) = 0 [ 112.299857][ T5108] loop0: detected capacity change from 0 to 1024 [pid 5108] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5108] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file1") = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5108] write(4, "\xe0", 1) = 1 [pid 5108] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5108] exit_group(0) = ? [ 112.341764][ T5108] EXT4-fs: Ignoring removed oldalloc option [ 112.372963][ T5108] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 112.475334][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached , child_tidptr=0x55556eab9650) = 5111 [pid 5111] set_robust_list(0x55556eab9660, 24) = 0 [pid 5111] chdir("./11") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5111] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] close(4) = 0 [pid 5111] mkdir("./file1", 0777) = 0 [ 112.658369][ T5111] loop0: detected capacity change from 0 to 1024 [ 112.693302][ T5111] EXT4-fs: Ignoring removed oldalloc option [pid 5111] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file1") = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5111] write(4, "\xe0", 1) = 1 [pid 5111] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5111] exit_group(0) = ? [pid 5111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 112.722555][ T5111] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 112.849774][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./11/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached , child_tidptr=0x55556eab9650) = 5114 [pid 5114] set_robust_list(0x55556eab9660, 24) = 0 [pid 5114] chdir("./12") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5114] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] close(4) = 0 [pid 5114] mkdir("./file1", 0777) = 0 [ 113.071466][ T5114] loop0: detected capacity change from 0 to 1024 [ 113.107566][ T5114] EXT4-fs: Ignoring removed oldalloc option [pid 5114] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5114] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file1") = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5114] write(4, "\xe0", 1) = 1 [pid 5114] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5114] exit_group(0) = ? [pid 5114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 113.133238][ T5114] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 113.207495][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached , child_tidptr=0x55556eab9650) = 5117 [pid 5117] set_robust_list(0x55556eab9660, 24) = 0 [pid 5117] chdir("./13") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5117] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] close(4) = 0 [pid 5117] mkdir("./file1", 0777) = 0 [ 113.407791][ T5117] loop0: detected capacity change from 0 to 1024 [ 113.434018][ T5117] EXT4-fs: Ignoring removed oldalloc option [pid 5117] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5117] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file1") = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5117] write(4, "\xe0", 1) = 1 [pid 5117] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5117] exit_group(0) = ? [pid 5117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 113.464095][ T5117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 [ 113.520822][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached , child_tidptr=0x55556eab9650) = 5120 [pid 5120] set_robust_list(0x55556eab9660, 24) = 0 [pid 5120] chdir("./14") = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5120] write(3, "1000", 4) = 4 [pid 5120] close(3) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5120] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] close(4) = 0 [pid 5120] mkdir("./file1", 0777) = 0 [ 113.750200][ T5120] loop0: detected capacity change from 0 to 1024 [ 113.787851][ T5120] EXT4-fs: Ignoring removed oldalloc option [pid 5120] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5120] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file1") = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5120] write(4, "\xe0", 1) = 1 [ 113.813586][ T5120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5120] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5120] exit_group(0) = ? [pid 5120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 113.900754][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached , child_tidptr=0x55556eab9650) = 5124 [pid 5124] set_robust_list(0x55556eab9660, 24) = 0 [pid 5124] chdir("./15") = 0 [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5124] setpgid(0, 0) = 0 [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5124] write(3, "1000", 4) = 4 [pid 5124] close(3) = 0 [pid 5124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5124] memfd_create("syzkaller", 0) = 3 [pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5124] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5124] close(3) = 0 [pid 5124] close(4) = 0 [pid 5124] mkdir("./file1", 0777) = 0 [ 114.138534][ T5124] loop0: detected capacity change from 0 to 1024 [ 114.171219][ T5124] EXT4-fs: Ignoring removed oldalloc option [pid 5124] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5124] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5124] chdir("./file1") = 0 [pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5124] write(4, "\xe0", 1) = 1 [pid 5124] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5124] exit_group(0) = ? [pid 5124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.194072][ T5124] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 114.263433][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./15/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5127 attached , child_tidptr=0x55556eab9650) = 5127 [pid 5127] set_robust_list(0x55556eab9660, 24) = 0 [pid 5127] chdir("./16") = 0 [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5127] setpgid(0, 0) = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5127] write(3, "1000", 4) = 4 [pid 5127] close(3) = 0 [pid 5127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5127] memfd_create("syzkaller", 0) = 3 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5127] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5127] close(3) = 0 [pid 5127] close(4) = 0 [pid 5127] mkdir("./file1", 0777) = 0 [ 114.495282][ T5127] loop0: detected capacity change from 0 to 1024 [ 114.522806][ T5127] EXT4-fs: Ignoring removed oldalloc option [pid 5127] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5127] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./file1") = 0 [pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5127] write(4, "\xe0", 1) = 1 [pid 5127] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5127] exit_group(0) = ? [pid 5127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 114.551614][ T5127] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 [ 114.644398][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5130 attached , child_tidptr=0x55556eab9650) = 5130 [pid 5130] set_robust_list(0x55556eab9660, 24) = 0 [pid 5130] chdir("./17") = 0 [pid 5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5130] setpgid(0, 0) = 0 [pid 5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5130] write(3, "1000", 4) = 4 [pid 5130] close(3) = 0 [pid 5130] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5130] memfd_create("syzkaller", 0) = 3 [pid 5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5130] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5130] close(3) = 0 [pid 5130] close(4) = 0 [pid 5130] mkdir("./file1", 0777) = 0 [ 114.903129][ T5130] loop0: detected capacity change from 0 to 1024 [ 114.944001][ T5130] EXT4-fs: Ignoring removed oldalloc option [pid 5130] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5130] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5130] chdir("./file1") = 0 [pid 5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 114.983137][ T5130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5130] write(4, "\xe0", 1) = 1 [pid 5130] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5130] exit_group(0) = ? [pid 5130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 [ 115.113046][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached , child_tidptr=0x55556eab9650) = 5133 [pid 5133] set_robust_list(0x55556eab9660, 24) = 0 [pid 5133] chdir("./18") = 0 [pid 5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5133] setpgid(0, 0) = 0 [pid 5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5133] write(3, "1000", 4) = 4 [pid 5133] close(3) = 0 [pid 5133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5133] memfd_create("syzkaller", 0) = 3 [pid 5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5133] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5133] close(3) = 0 [pid 5133] close(4) = 0 [pid 5133] mkdir("./file1", 0777) = 0 [ 115.364438][ T5133] loop0: detected capacity change from 0 to 1024 [pid 5133] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5133] chdir("./file1") = 0 [pid 5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5133] write(4, "\xe0", 1) = 1 [pid 5133] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5133] exit_group(0) = ? [pid 5133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 115.413377][ T5133] EXT4-fs: Ignoring removed oldalloc option [ 115.433334][ T5133] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 [ 115.499652][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5136 attached , child_tidptr=0x55556eab9650) = 5136 [pid 5136] set_robust_list(0x55556eab9660, 24) = 0 [pid 5136] chdir("./19") = 0 [pid 5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5136] setpgid(0, 0) = 0 [pid 5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5136] write(3, "1000", 4) = 4 [pid 5136] close(3) = 0 [pid 5136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5136] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5136] close(3) = 0 [pid 5136] close(4) = 0 [pid 5136] mkdir("./file1", 0777) = 0 [ 115.878482][ T5136] loop0: detected capacity change from 0 to 1024 [ 115.895953][ T5136] EXT4-fs: Ignoring removed oldalloc option [pid 5136] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5136] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5136] chdir("./file1") = 0 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5136] write(4, "\xe0", 1) = 1 [pid 5136] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [ 115.932044][ T5136] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5136] exit_group(0) = ? [pid 5136] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 116.037736][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5139 attached , child_tidptr=0x55556eab9650) = 5139 [pid 5139] set_robust_list(0x55556eab9660, 24) = 0 [pid 5139] chdir("./20") = 0 [pid 5139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5139] setpgid(0, 0) = 0 [pid 5139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5139] write(3, "1000", 4) = 4 [pid 5139] close(3) = 0 [pid 5139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5139] memfd_create("syzkaller", 0) = 3 [pid 5139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5139] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5139] close(3) = 0 [pid 5139] close(4) = 0 [pid 5139] mkdir("./file1", 0777) = 0 [ 116.265167][ T5139] loop0: detected capacity change from 0 to 1024 [ 116.283738][ T5139] EXT4-fs: Ignoring removed oldalloc option [pid 5139] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5139] chdir("./file1") = 0 [pid 5139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5139] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5139] write(4, "\xe0", 1) = 1 [pid 5139] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5139] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5139] exit_group(0) = ? [ 116.314417][ T5139] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5139, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 116.425417][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5142 attached , child_tidptr=0x55556eab9650) = 5142 [pid 5142] set_robust_list(0x55556eab9660, 24) = 0 [pid 5142] chdir("./21") = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5142] setpgid(0, 0) = 0 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5142] write(3, "1000", 4) = 4 [pid 5142] close(3) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5142] memfd_create("syzkaller", 0) = 3 [pid 5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5142] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5142] close(3) = 0 [pid 5142] close(4) = 0 [pid 5142] mkdir("./file1", 0777) = 0 [ 116.641611][ T5142] loop0: detected capacity change from 0 to 1024 [ 116.664709][ T5142] EXT4-fs: Ignoring removed oldalloc option [pid 5142] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5142] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5142] chdir("./file1") = 0 [ 116.681880][ T5142] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5142] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5142] write(4, "\xe0", 1) = 1 [pid 5142] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5142] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5142] exit_group(0) = ? [pid 5142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 116.814255][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5145 attached , child_tidptr=0x55556eab9650) = 5145 [pid 5145] set_robust_list(0x55556eab9660, 24) = 0 [pid 5145] chdir("./22") = 0 [pid 5145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5145] setpgid(0, 0) = 0 [pid 5145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5145] write(3, "1000", 4) = 4 [pid 5145] close(3) = 0 [pid 5145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5145] memfd_create("syzkaller", 0) = 3 [pid 5145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5145] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5145] close(3) = 0 [pid 5145] close(4) = 0 [pid 5145] mkdir("./file1", 0777) = 0 [ 117.027619][ T5145] loop0: detected capacity change from 0 to 1024 [ 117.061853][ T5145] EXT4-fs: Ignoring removed oldalloc option [pid 5145] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5145] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5145] chdir("./file1") = 0 [pid 5145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5145] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5145] write(4, "\xe0", 1) = 1 [pid 5145] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5145] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5145] exit_group(0) = ? [pid 5145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5145, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 117.082976][ T5145] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 [ 117.192872][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5148 attached , child_tidptr=0x55556eab9650) = 5148 [pid 5148] set_robust_list(0x55556eab9660, 24) = 0 [pid 5148] chdir("./23") = 0 [pid 5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5148] setpgid(0, 0) = 0 [pid 5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5148] write(3, "1000", 4) = 4 [pid 5148] close(3) = 0 [pid 5148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5148] memfd_create("syzkaller", 0) = 3 [pid 5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5148] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5148] close(3) = 0 [pid 5148] close(4) = 0 [pid 5148] mkdir("./file1", 0777) = 0 [ 117.428368][ T5148] loop0: detected capacity change from 0 to 1024 [ 117.456798][ T5148] EXT4-fs: Ignoring removed oldalloc option [pid 5148] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5148] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5148] chdir("./file1") = 0 [pid 5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5148] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5148] write(4, "\xe0", 1) = 1 [pid 5148] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5148] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5148] exit_group(0) = ? [ 117.492181][ T5148] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 [ 117.620682][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5151 attached , child_tidptr=0x55556eab9650) = 5151 [pid 5151] set_robust_list(0x55556eab9660, 24) = 0 [pid 5151] chdir("./24") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] memfd_create("syzkaller", 0) = 3 [pid 5151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5151] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5151] close(3) = 0 [pid 5151] close(4) = 0 [pid 5151] mkdir("./file1", 0777) = 0 [ 117.835050][ T5151] loop0: detected capacity change from 0 to 1024 [ 117.862610][ T5151] EXT4-fs: Ignoring removed oldalloc option [pid 5151] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5151] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5151] chdir("./file1") = 0 [pid 5151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5151] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5151] write(4, "\xe0", 1) = 1 [pid 5151] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5151] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5151] exit_group(0) = ? [ 117.882586][ T5151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 [ 118.020405][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached , child_tidptr=0x55556eab9650) = 5154 [pid 5154] set_robust_list(0x55556eab9660, 24) = 0 [pid 5154] chdir("./25") = 0 [pid 5154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5154] setpgid(0, 0) = 0 [pid 5154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5154] write(3, "1000", 4) = 4 [pid 5154] close(3) = 0 [pid 5154] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5154] memfd_create("syzkaller", 0) = 3 [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5154] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5154] close(3) = 0 [pid 5154] close(4) = 0 [pid 5154] mkdir("./file1", 0777) = 0 [ 118.251569][ T5154] loop0: detected capacity change from 0 to 1024 [pid 5154] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5154] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./file1") = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5154] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5154] write(4, "\xe0", 1) = 1 [pid 5154] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 118.304042][ T5154] EXT4-fs: Ignoring removed oldalloc option [ 118.333976][ T5154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5154] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5154] exit_group(0) = ? [pid 5154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5154, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 118.411881][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5157 attached , child_tidptr=0x55556eab9650) = 5157 [pid 5157] set_robust_list(0x55556eab9660, 24) = 0 [pid 5157] chdir("./26") = 0 [pid 5157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5157] setpgid(0, 0) = 0 [pid 5157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5157] write(3, "1000", 4) = 4 [pid 5157] close(3) = 0 [pid 5157] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5157] memfd_create("syzkaller", 0) = 3 [pid 5157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5157] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5157] close(3) = 0 [pid 5157] close(4) = 0 [pid 5157] mkdir("./file1", 0777) = 0 [ 118.569266][ T5157] loop0: detected capacity change from 0 to 1024 [ 118.591721][ T5157] EXT4-fs: Ignoring removed oldalloc option [pid 5157] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5157] chdir("./file1") = 0 [pid 5157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5157] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5157] write(4, "\xe0", 1) = 1 [pid 5157] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5157] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5157] exit_group(0) = ? [ 118.619385][ T5157] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5157, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 [ 118.706955][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5160 attached , child_tidptr=0x55556eab9650) = 5160 [pid 5160] set_robust_list(0x55556eab9660, 24) = 0 [pid 5160] chdir("./27") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5160] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5160] close(3) = 0 [pid 5160] close(4) = 0 [pid 5160] mkdir("./file1", 0777) = 0 [ 118.953414][ T5160] loop0: detected capacity change from 0 to 1024 [ 118.982692][ T5160] EXT4-fs: Ignoring removed oldalloc option [pid 5160] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5160] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5160] chdir("./file1") = 0 [pid 5160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5160] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5160] write(4, "\xe0", 1) = 1 [pid 5160] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5160] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5160] exit_group(0) = ? [ 119.009158][ T5160] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 119.116840][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x55556eab9650) = 5164 [pid 5164] set_robust_list(0x55556eab9660, 24) = 0 [pid 5164] chdir("./28") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5164] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] close(4) = 0 [pid 5164] mkdir("./file1", 0777) = 0 [ 119.315944][ T5164] loop0: detected capacity change from 0 to 1024 [ 119.337989][ T5164] EXT4-fs: Ignoring removed oldalloc option [pid 5164] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5164] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./file1") = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 119.372699][ T5164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5164] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5164] write(4, "\xe0", 1) = 1 [pid 5164] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5164] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5164] exit_group(0) = ? [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 119.524691][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5168 attached , child_tidptr=0x55556eab9650) = 5168 [pid 5168] set_robust_list(0x55556eab9660, 24) = 0 [pid 5168] chdir("./29") = 0 [pid 5168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5168] setpgid(0, 0) = 0 [pid 5168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5168] write(3, "1000", 4) = 4 [pid 5168] close(3) = 0 [pid 5168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5168] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] close(4) = 0 [pid 5168] mkdir("./file1", 0777) = 0 [ 119.734163][ T5168] loop0: detected capacity change from 0 to 1024 [ 119.756867][ T5168] EXT4-fs: Ignoring removed oldalloc option [pid 5168] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5168] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./file1") = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5168] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5168] write(4, "\xe0", 1) = 1 [pid 5168] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5168] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5168] exit_group(0) = ? [pid 5168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5168, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 119.783246][ T5168] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 119.848415][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5171 attached , child_tidptr=0x55556eab9650) = 5171 [pid 5171] set_robust_list(0x55556eab9660, 24) = 0 [pid 5171] chdir("./30") = 0 [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5171] setpgid(0, 0) = 0 [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5171] write(3, "1000", 4) = 4 [pid 5171] close(3) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5171] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] close(4) = 0 [pid 5171] mkdir("./file1", 0777) = 0 [ 120.053619][ T5171] loop0: detected capacity change from 0 to 1024 [ 120.081367][ T5171] EXT4-fs: Ignoring removed oldalloc option [pid 5171] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5171] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./file1") = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5171] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5171] write(4, "\xe0", 1) = 1 [pid 5171] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5171] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5171] exit_group(0) = ? [pid 5171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 120.102326][ T5171] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 120.181139][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached , child_tidptr=0x55556eab9650) = 5174 [pid 5174] set_robust_list(0x55556eab9660, 24) = 0 [pid 5174] chdir("./31") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5174] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] close(4) = 0 [pid 5174] mkdir("./file1", 0777) = 0 [ 120.406746][ T5174] loop0: detected capacity change from 0 to 1024 [ 120.429023][ T5174] EXT4-fs: Ignoring removed oldalloc option [pid 5174] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5174] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file1") = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5174] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5174] write(4, "\xe0", 1) = 1 [pid 5174] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5174] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5174] exit_group(0) = ? [ 120.455588][ T5174] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 [ 120.576226][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5178 attached , child_tidptr=0x55556eab9650) = 5178 [pid 5178] set_robust_list(0x55556eab9660, 24) = 0 [pid 5178] chdir("./32") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] memfd_create("syzkaller", 0) = 3 [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5178] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5178] close(3) = 0 [pid 5178] close(4) = 0 [pid 5178] mkdir("./file1", 0777) = 0 [pid 5178] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5178] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] chdir("./file1") = 0 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5178] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5178] write(4, "\xe0", 1) = 1 [pid 5178] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 120.796364][ T5178] loop0: detected capacity change from 0 to 1024 [ 120.821774][ T5178] EXT4-fs: Ignoring removed oldalloc option [pid 5178] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5178] exit_group(0) = ? [pid 5178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5178, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5181 attached , child_tidptr=0x55556eab9650) = 5181 [pid 5181] set_robust_list(0x55556eab9660, 24) = 0 [pid 5181] chdir("./33") = 0 [pid 5181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5181] setpgid(0, 0) = 0 [pid 5181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5181] write(3, "1000", 4) = 4 [pid 5181] close(3) = 0 [pid 5181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5181] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] close(4) = 0 [pid 5181] mkdir("./file1", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5181] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file1") = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 121.139734][ T5181] loop0: detected capacity change from 0 to 1024 [ 121.163821][ T5181] EXT4-fs: Ignoring removed oldalloc option [pid 5181] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5181] write(4, "\xe0", 1) = 1 [pid 5181] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5181] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5181] exit_group(0) = ? [pid 5181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5181, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x55556eab9650) = 5184 [pid 5184] set_robust_list(0x55556eab9660, 24) = 0 [pid 5184] chdir("./34") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5184] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] close(4) = 0 [pid 5184] mkdir("./file1", 0777) = 0 [ 121.483153][ T5184] loop0: detected capacity change from 0 to 1024 [pid 5184] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5184] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file1") = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5184] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5184] write(4, "\xe0", 1) = 1 [pid 5184] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 121.523462][ T5184] EXT4-fs: Ignoring removed oldalloc option [pid 5184] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5184] exit_group(0) = ? [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5187 attached , child_tidptr=0x55556eab9650) = 5187 [pid 5187] set_robust_list(0x55556eab9660, 24) = 0 [pid 5187] chdir("./35") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5187] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5187] close(3) = 0 [pid 5187] close(4) = 0 [pid 5187] mkdir("./file1", 0777) = 0 [pid 5187] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5187] chdir("./file1") = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5187] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5187] write(4, "\xe0", 1) = 1 [ 121.869519][ T5187] loop0: detected capacity change from 0 to 1024 [ 121.895664][ T5187] EXT4-fs: Ignoring removed oldalloc option [pid 5187] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5187] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5187] exit_group(0) = ? [pid 5187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5187, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5190 attached , child_tidptr=0x55556eab9650) = 5190 [pid 5190] set_robust_list(0x55556eab9660, 24) = 0 [pid 5190] chdir("./36") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] memfd_create("syzkaller", 0) = 3 [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5190] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5190] close(3) = 0 [pid 5190] close(4) = 0 [pid 5190] mkdir("./file1", 0777) = 0 [pid 5190] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5190] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 122.256787][ T5190] loop0: detected capacity change from 0 to 1024 [ 122.290954][ T5190] EXT4-fs: Ignoring removed oldalloc option [pid 5190] chdir("./file1") = 0 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5190] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5190] write(4, "\xe0", 1) = 1 [pid 5190] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5190] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5190] exit_group(0) = ? [pid 5190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5190, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5193 attached , child_tidptr=0x55556eab9650) = 5193 [pid 5193] set_robust_list(0x55556eab9660, 24) = 0 [pid 5193] chdir("./37") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] memfd_create("syzkaller", 0) = 3 [pid 5193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5193] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5193] close(3) = 0 [pid 5193] close(4) = 0 [pid 5193] mkdir("./file1", 0777) = 0 [ 122.612939][ T5193] loop0: detected capacity change from 0 to 1024 [pid 5193] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5193] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5193] chdir("./file1") = 0 [ 122.653365][ T5193] EXT4-fs: Ignoring removed oldalloc option [pid 5193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5193] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5193] write(4, "\xe0", 1) = 1 [pid 5193] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5193] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5193] exit_group(0) = ? [pid 5193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached , child_tidptr=0x55556eab9650) = 5196 [pid 5196] set_robust_list(0x55556eab9660, 24) = 0 [pid 5196] chdir("./38") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5196] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] close(4) = 0 [pid 5196] mkdir("./file1", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5196] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./file1") = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 122.975000][ T5196] loop0: detected capacity change from 0 to 1024 [ 123.001830][ T5196] EXT4-fs: Ignoring removed oldalloc option [pid 5196] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5196] write(4, "\xe0", 1) = 1 [pid 5196] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5196] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5196] exit_group(0) = ? [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x55556eab9660, 24 [pid 5073] <... clone resumed>, child_tidptr=0x55556eab9650) = 5199 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5199] chdir("./39") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5199] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] close(4) = 0 [pid 5199] mkdir("./file1", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5199] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 123.356876][ T5199] loop0: detected capacity change from 0 to 1024 [ 123.388317][ T5199] EXT4-fs: Ignoring removed oldalloc option [pid 5199] chdir("./file1") = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5199] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5199] write(4, "\xe0", 1) = 1 [pid 5199] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5199] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5199] exit_group(0) = ? [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5202 attached , child_tidptr=0x55556eab9650) = 5202 [pid 5202] set_robust_list(0x55556eab9660, 24) = 0 [pid 5202] chdir("./40") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5202] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] close(4) = 0 [pid 5202] mkdir("./file1", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5202] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 123.827001][ T5202] loop0: detected capacity change from 0 to 1024 [ 123.858560][ T5202] EXT4-fs: Ignoring removed oldalloc option [pid 5202] chdir("./file1") = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5202] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5202] write(4, "\xe0", 1) = 1 [pid 5202] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5202] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5202] exit_group(0) = ? [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5205 attached , child_tidptr=0x55556eab9650) = 5205 [pid 5205] set_robust_list(0x55556eab9660, 24) = 0 [pid 5205] chdir("./41") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5205] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] close(4) = 0 [pid 5205] mkdir("./file1", 0777) = 0 [ 124.238242][ T5205] loop0: detected capacity change from 0 to 1024 [pid 5205] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5205] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file1") = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 124.279393][ T5205] EXT4-fs: Ignoring removed oldalloc option [pid 5205] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5205] write(4, "\xe0", 1) = 1 [pid 5205] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5205] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5205] exit_group(0) = ? [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached , child_tidptr=0x55556eab9650) = 5208 [pid 5208] set_robust_list(0x55556eab9660, 24) = 0 [pid 5208] chdir("./42") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5208] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] close(4) = 0 [pid 5208] mkdir("./file1", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5208] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./file1") = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5208] write(4, "\xe0", 1) = 1 [pid 5208] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5208] exit_group(0) = ? [ 124.670801][ T5208] loop0: detected capacity change from 0 to 1024 [ 124.697686][ T5208] EXT4-fs: Ignoring removed oldalloc option [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5211 attached , child_tidptr=0x55556eab9650) = 5211 [pid 5211] set_robust_list(0x55556eab9660, 24) = 0 [pid 5211] chdir("./43") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] memfd_create("syzkaller", 0) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5211] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] close(4) = 0 [pid 5211] mkdir("./file1", 0777) = 0 [pid 5211] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5211] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./file1") = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 124.990219][ T5211] loop0: detected capacity change from 0 to 1024 [ 125.000259][ T5211] EXT4-fs: Ignoring removed oldalloc option [pid 5211] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5211] write(4, "\xe0", 1) = 1 [pid 5211] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5211] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5211] exit_group(0) = ? [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x55556eab9650) = 5214 [pid 5214] set_robust_list(0x55556eab9660, 24) = 0 [pid 5214] chdir("./44") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5214] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] close(4) = 0 [pid 5214] mkdir("./file1", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5214] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./file1") = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 125.319237][ T5214] loop0: detected capacity change from 0 to 1024 [ 125.354637][ T5214] EXT4-fs: Ignoring removed oldalloc option [pid 5214] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5214] write(4, "\xe0", 1) = 1 [pid 5214] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5214] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5214] exit_group(0) = ? [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached , child_tidptr=0x55556eab9650) = 5217 [pid 5217] set_robust_list(0x55556eab9660, 24) = 0 [pid 5217] chdir("./45") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] memfd_create("syzkaller", 0) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5217] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] close(4) = 0 [pid 5217] mkdir("./file1", 0777) = 0 [pid 5217] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5217] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./file1") = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 125.662880][ T5217] loop0: detected capacity change from 0 to 1024 [ 125.684441][ T5217] EXT4-fs: Ignoring removed oldalloc option [pid 5217] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5217] write(4, "\xe0", 1) = 1 [pid 5217] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5217] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5217] exit_group(0) = ? [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached , child_tidptr=0x55556eab9650) = 5220 [pid 5220] set_robust_list(0x55556eab9660, 24) = 0 [pid 5220] chdir("./46") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5220] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] close(4) = 0 [pid 5220] mkdir("./file1", 0777) = 0 [ 126.019402][ T5220] loop0: detected capacity change from 0 to 1024 [pid 5220] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5220] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./file1") = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5220] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5220] write(4, "\xe0", 1) = 1 [pid 5220] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5220] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [ 126.069972][ T5220] EXT4-fs: Ignoring removed oldalloc option [pid 5220] exit_group(0) = ? [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x55556eab9650) = 5224 [pid 5224] set_robust_list(0x55556eab9660, 24) = 0 [pid 5224] chdir("./47") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5224] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] close(4) = 0 [pid 5224] mkdir("./file1", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file1") = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5224] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 126.425366][ T5224] loop0: detected capacity change from 0 to 1024 [ 126.455898][ T5224] EXT4-fs: Ignoring removed oldalloc option [pid 5224] write(4, "\xe0", 1) = 1 [pid 5224] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5224] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5224] exit_group(0) = ? [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x55556eab9650) = 5227 [pid 5227] set_robust_list(0x55556eab9660, 24) = 0 [pid 5227] chdir("./48") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5227] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] close(4) = 0 [pid 5227] mkdir("./file1", 0777) = 0 [ 126.749502][ T5227] loop0: detected capacity change from 0 to 1024 [pid 5227] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5227] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./file1") = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 126.789619][ T5227] EXT4-fs: Ignoring removed oldalloc option [pid 5227] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5227] write(4, "\xe0", 1) = 1 [pid 5227] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5227] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5227] exit_group(0) = ? [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5230 attached , child_tidptr=0x55556eab9650) = 5230 [pid 5230] set_robust_list(0x55556eab9660, 24) = 0 [pid 5230] chdir("./49") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5230] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] close(4) = 0 [pid 5230] mkdir("./file1", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file1") = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 127.099883][ T5230] loop0: detected capacity change from 0 to 1024 [ 127.121171][ T5230] EXT4-fs: Ignoring removed oldalloc option [pid 5230] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5230] write(4, "\xe0", 1) = 1 [pid 5230] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5230] exit_group(0) = ? [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x55556eab9660, 24) = 0 [pid 5073] <... clone resumed>, child_tidptr=0x55556eab9650) = 5233 [pid 5233] chdir("./50") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5233] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] close(4) = 0 [pid 5233] mkdir("./file1", 0777) = 0 [pid 5233] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5233] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./file1") = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5233] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 127.414881][ T5233] loop0: detected capacity change from 0 to 1024 [ 127.437231][ T5233] EXT4-fs: Ignoring removed oldalloc option [pid 5233] write(4, "\xe0", 1) = 1 [pid 5233] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5233] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5233] exit_group(0) = ? [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached , child_tidptr=0x55556eab9650) = 5236 [pid 5236] set_robust_list(0x55556eab9660, 24) = 0 [pid 5236] chdir("./51") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5236] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] close(4) = 0 [pid 5236] mkdir("./file1", 0777) = 0 [pid 5236] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5236] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file1") = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5236] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5236] write(4, "\xe0", 1) = 1 [pid 5236] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 127.761262][ T5236] loop0: detected capacity change from 0 to 1024 [ 127.790261][ T5236] EXT4-fs: Ignoring removed oldalloc option [pid 5236] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5236] exit_group(0) = ? [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5239 attached , child_tidptr=0x55556eab9650) = 5239 [pid 5239] set_robust_list(0x55556eab9660, 24) = 0 [pid 5239] chdir("./52") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5239] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] close(4) = 0 [pid 5239] mkdir("./file1", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [ 128.126928][ T5239] loop0: detected capacity change from 0 to 1024 [ 128.144211][ T5239] EXT4-fs: Ignoring removed oldalloc option [pid 5239] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./file1") = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5239] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5239] write(4, "\xe0", 1) = 1 [pid 5239] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5239] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5239] exit_group(0) = ? [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5242 attached , child_tidptr=0x55556eab9650) = 5242 [pid 5242] set_robust_list(0x55556eab9660, 24) = 0 [pid 5242] chdir("./53") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5242] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] close(4) = 0 [pid 5242] mkdir("./file1", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [ 128.523797][ T5242] loop0: detected capacity change from 0 to 1024 [ 128.540410][ T5242] EXT4-fs: Ignoring removed oldalloc option [pid 5242] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file1") = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5242] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5242] write(4, "\xe0", 1) = 1 [pid 5242] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5242] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5242] exit_group(0) = ? [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5245 attached , child_tidptr=0x55556eab9650) = 5245 [pid 5245] set_robust_list(0x55556eab9660, 24) = 0 [pid 5245] chdir("./54") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5245] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] close(4) = 0 [pid 5245] mkdir("./file1", 0777) = 0 [pid 5245] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5245] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 128.891844][ T5245] loop0: detected capacity change from 0 to 1024 [ 128.910977][ T5245] EXT4-fs: Ignoring removed oldalloc option [pid 5245] chdir("./file1") = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5245] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5245] write(4, "\xe0", 1) = 1 [pid 5245] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5245] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5245] exit_group(0) = ? [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556eab9650) = 5248 ./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x55556eab9660, 24) = 0 [pid 5248] chdir("./55") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5248] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] close(4) = 0 [pid 5248] mkdir("./file1", 0777) = 0 [pid 5248] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5248] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./file1") = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 129.322600][ T5248] loop0: detected capacity change from 0 to 1024 [ 129.350429][ T5248] EXT4-fs: Ignoring removed oldalloc option [pid 5248] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5248] write(4, "\xe0", 1) = 1 [pid 5248] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5248] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5248] exit_group(0) = ? [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5251 attached , child_tidptr=0x55556eab9650) = 5251 [pid 5251] set_robust_list(0x55556eab9660, 24) = 0 [pid 5251] chdir("./56") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] memfd_create("syzkaller", 0) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5251] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] close(4) = 0 [pid 5251] mkdir("./file1", 0777) = 0 [pid 5251] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5251] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./file1") = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5251] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 129.741831][ T5251] loop0: detected capacity change from 0 to 1024 [ 129.781338][ T5251] EXT4-fs: Ignoring removed oldalloc option [pid 5251] write(4, "\xe0", 1) = 1 [pid 5251] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5251] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5251] exit_group(0) = ? [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5254 attached , child_tidptr=0x55556eab9650) = 5254 [pid 5254] set_robust_list(0x55556eab9660, 24) = 0 [pid 5254] chdir("./57") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5254] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] close(4) = 0 [pid 5254] mkdir("./file1", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [ 130.062314][ T5254] loop0: detected capacity change from 0 to 1024 [ 130.102063][ T5254] EXT4-fs: Ignoring removed oldalloc option [pid 5254] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file1") = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5254] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5254] write(4, "\xe0", 1) = 1 [pid 5254] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5254] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5254] exit_group(0) = ? [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5257 attached , child_tidptr=0x55556eab9650) = 5257 [pid 5257] set_robust_list(0x55556eab9660, 24) = 0 [pid 5257] chdir("./58") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5257] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] close(4) = 0 [pid 5257] mkdir("./file1", 0777) = 0 [pid 5257] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5257] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file1") = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5257] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5257] write(4, "\xe0", 1) = 1 [pid 5257] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5257] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [ 130.437041][ T5257] loop0: detected capacity change from 0 to 1024 [ 130.466270][ T5257] EXT4-fs: Ignoring removed oldalloc option [pid 5257] exit_group(0) = ? [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5260 attached , child_tidptr=0x55556eab9650) = 5260 [pid 5260] set_robust_list(0x55556eab9660, 24) = 0 [pid 5260] chdir("./59") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 [pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5260] memfd_create("syzkaller", 0) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5260] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5260] close(3) = 0 [pid 5260] close(4) = 0 [pid 5260] mkdir("./file1", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5260] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5260] chdir("./file1") = 0 [ 130.767175][ T5260] loop0: detected capacity change from 0 to 1024 [ 130.800522][ T5260] EXT4-fs: Ignoring removed oldalloc option [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5260] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5260] write(4, "\xe0", 1) = 1 [pid 5260] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5260] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5260] exit_group(0) = ? [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5263 attached , child_tidptr=0x55556eab9650) = 5263 [pid 5263] set_robust_list(0x55556eab9660, 24) = 0 [pid 5263] chdir("./60") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5263] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] close(4) = 0 [pid 5263] mkdir("./file1", 0777) = 0 [ 131.186848][ T5263] loop0: detected capacity change from 0 to 1024 [pid 5263] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5263] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file1") = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5263] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5263] write(4, "\xe0", 1) = 1 [pid 5263] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5263] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5263] exit_group(0) = ? [ 131.236563][ T5263] EXT4-fs: Ignoring removed oldalloc option [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5266 attached , child_tidptr=0x55556eab9650) = 5266 [pid 5266] set_robust_list(0x55556eab9660, 24) = 0 [pid 5266] chdir("./61") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] memfd_create("syzkaller", 0) = 3 [pid 5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5266] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5266] close(3) = 0 [pid 5266] close(4) = 0 [pid 5266] mkdir("./file1", 0777) = 0 [pid 5266] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5266] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5266] chdir("./file1") = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 131.559105][ T5266] loop0: detected capacity change from 0 to 1024 [ 131.598432][ T5266] EXT4-fs: Ignoring removed oldalloc option [pid 5266] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5266] write(4, "\xe0", 1) = 1 [pid 5266] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5266] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5266] exit_group(0) = ? [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x55556eab9660, 24 [pid 5073] <... clone resumed>, child_tidptr=0x55556eab9650) = 5269 [pid 5269] <... set_robust_list resumed>) = 0 [pid 5269] chdir("./62") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5269] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] close(4) = 0 [pid 5269] mkdir("./file1", 0777) = 0 [pid 5269] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5269] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./file1") = 0 [ 131.874152][ T5269] loop0: detected capacity change from 0 to 1024 [ 131.911607][ T5269] EXT4-fs: Ignoring removed oldalloc option [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5269] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5269] write(4, "\xe0", 1) = 1 [pid 5269] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5269] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5269] exit_group(0) = ? [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5272 attached , child_tidptr=0x55556eab9650) = 5272 [pid 5272] set_robust_list(0x55556eab9660, 24) = 0 [pid 5272] chdir("./63") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] memfd_create("syzkaller", 0) = 3 [pid 5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5272] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5272] close(3) = 0 [pid 5272] close(4) = 0 [pid 5272] mkdir("./file1", 0777) = 0 [pid 5272] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5272] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5272] chdir("./file1") = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5272] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 132.308102][ T5272] loop0: detected capacity change from 0 to 1024 [ 132.345229][ T5272] EXT4-fs: Ignoring removed oldalloc option [pid 5272] write(4, "\xe0", 1) = 1 [pid 5272] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5272] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5272] exit_group(0) = ? [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5275 attached , child_tidptr=0x55556eab9650) = 5275 [pid 5275] set_robust_list(0x55556eab9660, 24) = 0 [pid 5275] chdir("./64") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5275] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] close(4) = 0 [pid 5275] mkdir("./file1", 0777) = 0 [pid 5275] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5275] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./file1") = 0 [ 132.643534][ T5275] loop0: detected capacity change from 0 to 1024 [ 132.671525][ T5275] EXT4-fs: Ignoring removed oldalloc option [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5275] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5275] write(4, "\xe0", 1) = 1 [pid 5275] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 132.752509][ T5275] [ 132.754890][ T5275] ====================================================== [ 132.761912][ T5275] WARNING: possible circular locking dependency detected [ 132.768941][ T5275] 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted [ 132.775627][ T5275] ------------------------------------------------------ [ 132.782745][ T5275] syz-executor545/5275 is trying to acquire lock: [ 132.789168][ T5275] ffff888077730400 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}, at: ext4_xattr_inode_iget+0x173/0x440 [ 132.799608][ T5275] [ 132.799608][ T5275] but task is already holding lock: [ 132.807154][ T5275] ffff888077730c88 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1ba0/0x29d0 [ 132.816519][ T5275] [ 132.816519][ T5275] which lock already depends on the new lock. [ 132.816519][ T5275] [ 132.826948][ T5275] [ 132.826948][ T5275] the existing dependency chain (in reverse order) is: [ 132.835962][ T5275] [ 132.835962][ T5275] -> #1 (&ei->i_data_sem/3){++++}-{3:3}: [ 132.843849][ T5275] down_write+0x3a/0x50 [ 132.848602][ T5275] ext4_xattr_set_entry+0x3a14/0x3cf0 [ 132.854520][ T5275] ext4_xattr_ibody_set+0x126/0x380 [ 132.860277][ T5275] ext4_xattr_set_handle+0x98d/0x1480 [ 132.866202][ T5275] ext4_xattr_set+0x149/0x380 [ 132.871614][ T5275] __vfs_setxattr+0x176/0x1e0 [ 132.876850][ T5275] __vfs_setxattr_noperm+0x127/0x5e0 [ 132.882703][ T5275] __vfs_setxattr_locked+0x182/0x260 [ 132.888546][ T5275] vfs_setxattr+0x146/0x350 [ 132.893626][ T5275] do_setxattr+0x146/0x170 [ 132.898605][ T5275] setxattr+0x15d/0x180 [ 132.903314][ T5275] path_setxattr+0x179/0x1e0 [ 132.908460][ T5275] __x64_sys_lsetxattr+0xc1/0x160 [ 132.914040][ T5275] do_syscall_64+0xd5/0x260 [ 132.919112][ T5275] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 132.925570][ T5275] [ 132.925570][ T5275] -> #0 (&ea_inode->i_rwsem#8/1){+.+.}-{3:3}: [ 132.933890][ T5275] __lock_acquire+0x2478/0x3b30 [ 132.939291][ T5275] lock_acquire+0x1b1/0x540 [ 132.944343][ T5275] down_write+0x3a/0x50 [ 132.949075][ T5275] ext4_xattr_inode_iget+0x173/0x440 [ 132.954936][ T5275] ext4_xattr_inode_get+0x16c/0x870 [ 132.960697][ T5275] ext4_expand_extra_isize_ea+0x1367/0x1ae0 [ 132.967145][ T5275] __ext4_expand_extra_isize+0x346/0x480 [ 132.973326][ T5275] __ext4_mark_inode_dirty+0x55a/0x860 [ 132.979323][ T5275] ext4_setattr+0x1c14/0x29d0 [ 132.984558][ T5275] notify_change+0x745/0x11c0 [ 132.989793][ T5275] do_truncate+0x15c/0x220 [ 132.994774][ T5275] path_openat+0x24b9/0x2990 [ 132.999924][ T5275] do_filp_open+0x1dc/0x430 [ 133.004974][ T5275] do_sys_openat2+0x17a/0x1e0 [ 133.010197][ T5275] __x64_sys_openat+0x175/0x210 [ 133.015600][ T5275] do_syscall_64+0xd5/0x260 [ 133.020655][ T5275] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 133.027109][ T5275] [ 133.027109][ T5275] other info that might help us debug this: [ 133.027109][ T5275] [ 133.037367][ T5275] Possible unsafe locking scenario: [ 133.037367][ T5275] [ 133.044829][ T5275] CPU0 CPU1 [ 133.050199][ T5275] ---- ---- [ 133.055567][ T5275] lock(&ei->i_data_sem/3); [ 133.060180][ T5275] lock(&ea_inode->i_rwsem#8/1); [ 133.067841][ T5275] lock(&ei->i_data_sem/3); [ 133.074973][ T5275] lock(&ea_inode->i_rwsem#8/1); [ 133.080027][ T5275] [ 133.080027][ T5275] *** DEADLOCK *** [ 133.080027][ T5275] [ 133.088170][ T5275] 5 locks held by syz-executor545/5275: [ 133.093717][ T5275] #0: ffff888022da6420 (sb_writers#4){.+.+}-{0:0}, at: path_openat+0x1fba/0x2990 [ 133.103011][ T5275] #1: ffff888077730e00 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: do_truncate+0x14b/0x220 [ 133.113344][ T5275] #2: ffff888077730fa0 (mapping.invalidate_lock){++++}-{3:3}, at: ext4_setattr+0xdfd/0x29d0 [ 133.123592][ T5275] #3: ffff888077730c88 (&ei->i_data_sem/3){++++}-{3:3}, at: ext4_setattr+0x1ba0/0x29d0 [ 133.133401][ T5275] #4: ffff888077730ac8 (&ei->xattr_sem){++++}-{3:3}, at: __ext4_mark_inode_dirty+0x4cf/0x860 [ 133.143768][ T5275] [ 133.143768][ T5275] stack backtrace: [ 133.149804][ T5275] CPU: 1 PID: 5275 Comm: syz-executor545 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 133.159923][ T5275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 133.169997][ T5275] Call Trace: [ 133.173286][ T5275] [ 133.176233][ T5275] dump_stack_lvl+0x116/0x1f0 [ 133.180967][ T5275] check_noncircular+0x31a/0x400 [ 133.185938][ T5275] ? __pfx_check_noncircular+0x10/0x10 [ 133.191451][ T5275] ? lockdep_lock+0xc6/0x200 [ 133.196102][ T5275] ? __pfx_lockdep_lock+0x10/0x10 [ 133.201184][ T5275] __lock_acquire+0x2478/0x3b30 [ 133.206093][ T5275] ? __pfx___lock_acquire+0x10/0x10 [ 133.211342][ T5275] ? check_igot_inode+0x7c/0x1b0 [ 133.216335][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.221234][ T5275] ? look_up_lock_class+0x59/0x140 [ 133.226414][ T5275] ? __ext4_iget+0x1de/0x4370 [ 133.231147][ T5275] lock_acquire+0x1b1/0x540 [ 133.235704][ T5275] ? ext4_xattr_inode_iget+0x173/0x440 [ 133.241225][ T5275] ? __pfx_lock_acquire+0x10/0x10 [ 133.246290][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.251211][ T5275] ? __pfx___might_resched+0x10/0x10 [ 133.256561][ T5275] down_write+0x3a/0x50 [ 133.260767][ T5275] ? ext4_xattr_inode_iget+0x173/0x440 [ 133.266291][ T5275] ext4_xattr_inode_iget+0x173/0x440 [ 133.271641][ T5275] ext4_xattr_inode_get+0x16c/0x870 [ 133.276894][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.281795][ T5275] ? rcu_is_watching+0x12/0xc0 [ 133.286610][ T5275] ? __pfx_ext4_xattr_inode_get+0x10/0x10 [ 133.292372][ T5275] ? __kmalloc_node+0x244/0x480 [ 133.297242][ T5275] ? kvmalloc_node+0x9d/0x1a0 [ 133.301951][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.306856][ T5275] ext4_expand_extra_isize_ea+0x1367/0x1ae0 [ 133.312798][ T5275] ? __pfx_ext4_expand_extra_isize_ea+0x10/0x10 [ 133.319068][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.323957][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.328840][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.333720][ T5275] ? dquot_initialize_needed+0x183/0x2a0 [ 133.339415][ T5275] __ext4_expand_extra_isize+0x346/0x480 [ 133.345196][ T5275] __ext4_mark_inode_dirty+0x55a/0x860 [ 133.350681][ T5275] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 133.356692][ T5275] ? __pfx_lock_acquire+0x10/0x10 [ 133.361751][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.366654][ T5275] ? __pfx___might_resched+0x10/0x10 [ 133.371964][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.376861][ T5275] ext4_setattr+0x1c14/0x29d0 [ 133.381557][ T5275] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 133.387526][ T5275] ? __pfx_ext4_setattr+0x10/0x10 [ 133.392609][ T5275] notify_change+0x745/0x11c0 [ 133.397317][ T5275] do_truncate+0x15c/0x220 [ 133.401776][ T5275] ? __pfx_do_truncate+0x10/0x10 [ 133.406763][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.411663][ T5275] ? common_perm_cond+0x242/0x560 [ 133.416758][ T5275] path_openat+0x24b9/0x2990 [ 133.421423][ T5275] ? __pfx_path_openat+0x10/0x10 [ 133.426404][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.431301][ T5275] ? __pfx___lock_acquire+0x10/0x10 [ 133.436534][ T5275] ? find_held_lock+0x2d/0x110 [ 133.441355][ T5275] do_filp_open+0x1dc/0x430 [ 133.445907][ T5275] ? __pfx_do_filp_open+0x10/0x10 [ 133.450967][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.455875][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.460803][ T5275] ? find_held_lock+0x2d/0x110 [ 133.465629][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.470543][ T5275] ? _raw_spin_unlock+0x28/0x50 [ 133.475414][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.480311][ T5275] ? alloc_fd+0x2d9/0x6c0 [ 133.484779][ T5275] do_sys_openat2+0x17a/0x1e0 [ 133.489518][ T5275] ? __pfx_do_sys_openat2+0x10/0x10 [ 133.494746][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.499626][ T5275] ? ptrace_notify+0xf1/0x130 [ 133.504334][ T5275] ? __pfx_lock_release+0x10/0x10 [ 133.509381][ T5275] __x64_sys_openat+0x175/0x210 [ 133.514256][ T5275] ? __pfx___x64_sys_openat+0x10/0x10 [ 133.519651][ T5275] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.524880][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.529788][ T5275] ? _raw_spin_unlock_irq+0x2e/0x50 [ 133.535009][ T5275] ? srso_return_thunk+0x5/0x5f [ 133.539902][ T5275] ? ptrace_notify+0xf1/0x130 [ 133.544612][ T5275] do_syscall_64+0xd5/0x260 [ 133.549168][ T5275] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 133.555111][ T5275] RIP: 0033:0x7fc7c030b2e9 [ 133.559550][ T5275] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 133.579211][ T5275] RSP: 002b:00007ffc3c4a0608 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 133.587645][ T5275] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007fc7c030b2e9 [ 133.595629][ T5275] RDX: 0000000000143362 RSI: 00000000200000c0 RDI: 00000000ffffff9c [pid 5275] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5275] exit_group(0) = ? [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 133.603613][ T5275] RBP: 6c6c616c65646f6e R08: 00007ffc3c4a0640 R09: 00007ffc3c4a0640 [ 133.611613][ T5275] R10: 000000000a000000 R11: 0000000000000246 R12: 00007ffc3c4a062c [ 133.619595][ T5275] R13: 0000000000000040 R14: 431bde82d7b634db R15: 00007ffc3c4a0660 [ 133.627624][ T5275] umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556eab9650) = 5278 ./strace-static-x86_64: Process 5278 attached [pid 5278] set_robust_list(0x55556eab9660, 24) = 0 [pid 5278] chdir("./65") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] memfd_create("syzkaller", 0) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5278] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] close(4) = 0 [pid 5278] mkdir("./file1", 0777) = 0 [pid 5278] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5278] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./file1") = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5278] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 133.942622][ T5278] loop0: detected capacity change from 0 to 1024 [ 133.976925][ T5278] EXT4-fs: Ignoring removed oldalloc option [pid 5278] write(4, "\xe0", 1) = 1 [pid 5278] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5278] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5278] exit_group(0) = ? [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5281 attached , child_tidptr=0x55556eab9650) = 5281 [pid 5281] set_robust_list(0x55556eab9660, 24) = 0 [pid 5281] chdir("./66") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] memfd_create("syzkaller", 0) = 3 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5281] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5281] close(3) = 0 [pid 5281] close(4) = 0 [pid 5281] mkdir("./file1", 0777) = 0 [ 134.259147][ T5281] loop0: detected capacity change from 0 to 1024 [pid 5281] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5281] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5281] chdir("./file1") = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5281] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5281] write(4, "\xe0", 1) = 1 [pid 5281] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 134.300252][ T5281] EXT4-fs: Ignoring removed oldalloc option [pid 5281] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5281] exit_group(0) = ? [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached , child_tidptr=0x55556eab9650) = 5284 [pid 5284] set_robust_list(0x55556eab9660, 24) = 0 [pid 5284] chdir("./67") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] memfd_create("syzkaller", 0) = 3 [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5284] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] close(4) = 0 [pid 5284] mkdir("./file1", 0777) = 0 [pid 5284] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5284] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./file1") = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 134.614903][ T5284] loop0: detected capacity change from 0 to 1024 [ 134.643005][ T5284] EXT4-fs: Ignoring removed oldalloc option [pid 5284] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5284] write(4, "\xe0", 1) = 1 [pid 5284] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5284] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5284] exit_group(0) = ? [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached , child_tidptr=0x55556eab9650) = 5287 [pid 5287] set_robust_list(0x55556eab9660, 24) = 0 [pid 5287] chdir("./68") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] memfd_create("syzkaller", 0) = 3 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5287] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5287] close(3) = 0 [pid 5287] close(4) = 0 [pid 5287] mkdir("./file1", 0777) = 0 [pid 5287] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5287] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5287] chdir("./file1") = 0 [ 135.033345][ T5287] loop0: detected capacity change from 0 to 1024 [ 135.055465][ T5287] EXT4-fs: Ignoring removed oldalloc option [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5287] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5287] write(4, "\xe0", 1) = 1 [pid 5287] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5287] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5287] exit_group(0) = ? [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5290 attached , child_tidptr=0x55556eab9650) = 5290 [pid 5290] set_robust_list(0x55556eab9660, 24) = 0 [pid 5290] chdir("./69") = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] setpgid(0, 0) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5290] write(3, "1000", 4) = 4 [pid 5290] close(3) = 0 [pid 5290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5290] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] close(4) = 0 [pid 5290] mkdir("./file1", 0777) = 0 [pid 5290] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file1") = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5290] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5290] write(4, "\xe0", 1) = 1 [ 135.366930][ T5290] loop0: detected capacity change from 0 to 1024 [ 135.400848][ T5290] EXT4-fs: Ignoring removed oldalloc option [pid 5290] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5290] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5290] exit_group(0) = ? [pid 5290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached , child_tidptr=0x55556eab9650) = 5293 [pid 5293] set_robust_list(0x55556eab9660, 24) = 0 [pid 5293] chdir("./70") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] memfd_create("syzkaller", 0) = 3 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5293] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5293] close(3) = 0 [pid 5293] close(4) = 0 [pid 5293] mkdir("./file1", 0777) = 0 [ 135.721594][ T5293] loop0: detected capacity change from 0 to 1024 [pid 5293] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5293] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5293] chdir("./file1") = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5293] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5293] write(4, "\xe0", 1) = 1 [pid 5293] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5293] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [ 135.768122][ T5293] EXT4-fs: Ignoring removed oldalloc option [pid 5293] exit_group(0) = ? [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5296 attached , child_tidptr=0x55556eab9650) = 5296 [pid 5296] set_robust_list(0x55556eab9660, 24) = 0 [pid 5296] chdir("./71") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] memfd_create("syzkaller", 0) = 3 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5296] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5296] close(3) = 0 [pid 5296] close(4) = 0 [pid 5296] mkdir("./file1", 0777) = 0 [pid 5296] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5296] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5296] chdir("./file1") = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5296] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5296] write(4, "\xe0", 1) = 1 [pid 5296] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 136.041866][ T5296] loop0: detected capacity change from 0 to 1024 [ 136.072020][ T5296] EXT4-fs: Ignoring removed oldalloc option [pid 5296] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5296] exit_group(0) = ? [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5299 attached , child_tidptr=0x55556eab9650) = 5299 [pid 5299] set_robust_list(0x55556eab9660, 24) = 0 [pid 5299] chdir("./72") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] memfd_create("syzkaller", 0) = 3 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5299] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5299] close(3) = 0 [pid 5299] close(4) = 0 [pid 5299] mkdir("./file1", 0777) = 0 [ 136.414595][ T5299] loop0: detected capacity change from 0 to 1024 [pid 5299] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5299] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5299] chdir("./file1") = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 136.461116][ T5299] EXT4-fs: Ignoring removed oldalloc option [pid 5299] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5299] write(4, "\xe0", 1) = 1 [pid 5299] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5299] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5299] exit_group(0) = ? [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached , child_tidptr=0x55556eab9650) = 5303 [pid 5303] set_robust_list(0x55556eab9660, 24) = 0 [pid 5303] chdir("./73") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] memfd_create("syzkaller", 0) = 3 [pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5303] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5303] close(3) = 0 [pid 5303] close(4) = 0 [pid 5303] mkdir("./file1", 0777) = 0 [pid 5303] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5303] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5303] chdir("./file1") = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5303] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5303] write(4, "\xe0", 1) = 1 [pid 5303] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5303] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5303] exit_group(0) = ? [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 136.793870][ T5303] loop0: detected capacity change from 0 to 1024 [ 136.822819][ T5303] EXT4-fs: Ignoring removed oldalloc option newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5306 attached , child_tidptr=0x55556eab9650) = 5306 [pid 5306] set_robust_list(0x55556eab9660, 24) = 0 [pid 5306] chdir("./74") = 0 [pid 5306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5306] setpgid(0, 0) = 0 [pid 5306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5306] write(3, "1000", 4) = 4 [pid 5306] close(3) = 0 [pid 5306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5306] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] close(4) = 0 [pid 5306] mkdir("./file1", 0777) = 0 [pid 5306] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5306] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./file1") = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 137.026936][ T5306] loop0: detected capacity change from 0 to 1024 [ 137.058921][ T5306] EXT4-fs: Ignoring removed oldalloc option [pid 5306] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5306] write(4, "\xe0", 1) = 1 [pid 5306] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5306] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5306] exit_group(0) = ? [pid 5306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5306, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x55556eab9660, 24 [pid 5073] <... clone resumed>, child_tidptr=0x55556eab9650) = 5309 [pid 5309] <... set_robust_list resumed>) = 0 [pid 5309] chdir("./75") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] memfd_create("syzkaller", 0) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5309] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] close(4) = 0 [pid 5309] mkdir("./file1", 0777) = 0 [pid 5309] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5309] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file1") = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5309] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5309] write(4, "\xe0", 1) = 1 [ 137.349847][ T5309] loop0: detected capacity change from 0 to 1024 [ 137.374846][ T5309] EXT4-fs: Ignoring removed oldalloc option [pid 5309] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5309] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5309] exit_group(0) = ? [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached , child_tidptr=0x55556eab9650) = 5312 [pid 5312] set_robust_list(0x55556eab9660, 24) = 0 [pid 5312] chdir("./76") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5312] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] close(4) = 0 [pid 5312] mkdir("./file1", 0777) = 0 [pid 5312] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5312] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./file1") = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5312] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5312] write(4, "\xe0", 1) = 1 [pid 5312] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 137.714609][ T5312] loop0: detected capacity change from 0 to 1024 [ 137.735911][ T5312] EXT4-fs: Ignoring removed oldalloc option [pid 5312] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5312] exit_group(0) = ? [pid 5312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5315 attached , child_tidptr=0x55556eab9650) = 5315 [pid 5315] set_robust_list(0x55556eab9660, 24) = 0 [pid 5315] chdir("./77") = 0 [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5315] setpgid(0, 0) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5315] write(3, "1000", 4) = 4 [pid 5315] close(3) = 0 [pid 5315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5315] memfd_create("syzkaller", 0) = 3 [pid 5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5315] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5315] close(3) = 0 [pid 5315] close(4) = 0 [pid 5315] mkdir("./file1", 0777) = 0 [pid 5315] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5315] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5315] chdir("./file1") = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5315] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 138.047099][ T5315] loop0: detected capacity change from 0 to 1024 [ 138.081773][ T5315] EXT4-fs: Ignoring removed oldalloc option [pid 5315] write(4, "\xe0", 1) = 1 [pid 5315] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5315] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5315] exit_group(0) = ? [pid 5315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5315, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5318 attached , child_tidptr=0x55556eab9650) = 5318 [pid 5318] set_robust_list(0x55556eab9660, 24) = 0 [pid 5318] chdir("./78") = 0 [pid 5318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5318] setpgid(0, 0) = 0 [pid 5318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5318] write(3, "1000", 4) = 4 [pid 5318] close(3) = 0 [pid 5318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5318] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] close(4) = 0 [pid 5318] mkdir("./file1", 0777) = 0 [ 138.333994][ T5318] loop0: detected capacity change from 0 to 1024 [ 138.358928][ T5318] EXT4-fs: Ignoring removed oldalloc option [pid 5318] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5318] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file1") = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5318] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5318] write(4, "\xe0", 1) = 1 [pid 5318] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5318] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5318] exit_group(0) = ? [pid 5318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5318, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 138.380019][ T5318] EXT4-fs mount: 92 callbacks suppressed [ 138.380039][ T5318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 138.496328][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./78/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5321 attached , child_tidptr=0x55556eab9650) = 5321 [pid 5321] set_robust_list(0x55556eab9660, 24) = 0 [pid 5321] chdir("./79") = 0 [pid 5321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5321] setpgid(0, 0) = 0 [pid 5321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5321] write(3, "1000", 4) = 4 [pid 5321] close(3) = 0 [pid 5321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5321] memfd_create("syzkaller", 0) = 3 [pid 5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5321] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5321] close(3) = 0 [pid 5321] close(4) = 0 [pid 5321] mkdir("./file1", 0777) = 0 [ 138.747435][ T5321] loop0: detected capacity change from 0 to 1024 [ 138.784710][ T5321] EXT4-fs: Ignoring removed oldalloc option [pid 5321] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5321] chdir("./file1") = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5321] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5321] write(4, "\xe0", 1) = 1 [pid 5321] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5321] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5321] exit_group(0) = ? [ 138.811934][ T5321] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5321, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 138.898984][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./79/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5325 attached , child_tidptr=0x55556eab9650) = 5325 [pid 5325] set_robust_list(0x55556eab9660, 24) = 0 [pid 5325] chdir("./80") = 0 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5325] setpgid(0, 0) = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5325] memfd_create("syzkaller", 0) = 3 [pid 5325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5325] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5325] close(3) = 0 [pid 5325] close(4) = 0 [pid 5325] mkdir("./file1", 0777) = 0 [ 139.160074][ T5325] loop0: detected capacity change from 0 to 1024 [ 139.182114][ T5325] EXT4-fs: Ignoring removed oldalloc option [pid 5325] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5325] chdir("./file1") = 0 [pid 5325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5325] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 139.202635][ T5325] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5325] write(4, "\xe0", 1) = 1 [pid 5325] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5325] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5325] exit_group(0) = ? [pid 5325] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5325, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 [ 139.282765][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./80/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5328 attached [pid 5328] set_robust_list(0x55556eab9660, 24 [pid 5073] <... clone resumed>, child_tidptr=0x55556eab9650) = 5328 [pid 5328] <... set_robust_list resumed>) = 0 [pid 5328] chdir("./81") = 0 [pid 5328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5328] setpgid(0, 0) = 0 [pid 5328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5328] write(3, "1000", 4) = 4 [pid 5328] close(3) = 0 [pid 5328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5328] memfd_create("syzkaller", 0) = 3 [pid 5328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5328] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5328] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5328] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5328] close(3) = 0 [pid 5328] close(4) = 0 [pid 5328] mkdir("./file1", 0777) = 0 [ 139.538332][ T5328] loop0: detected capacity change from 0 to 1024 [ 139.574576][ T5328] EXT4-fs: Ignoring removed oldalloc option [pid 5328] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5328] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5328] chdir("./file1") = 0 [pid 5328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5328] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5328] write(4, "\xe0", 1) = 1 [pid 5328] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5328] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5328] exit_group(0) = ? [pid 5328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5328, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 139.591563][ T5328] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 139.662942][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5331 attached , child_tidptr=0x55556eab9650) = 5331 [pid 5331] set_robust_list(0x55556eab9660, 24) = 0 [pid 5331] chdir("./82") = 0 [pid 5331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5331] setpgid(0, 0) = 0 [pid 5331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5331] write(3, "1000", 4) = 4 [pid 5331] close(3) = 0 [pid 5331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5331] memfd_create("syzkaller", 0) = 3 [pid 5331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5331] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5331] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5331] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5331] close(3) = 0 [pid 5331] close(4) = 0 [pid 5331] mkdir("./file1", 0777) = 0 [ 139.894585][ T5331] loop0: detected capacity change from 0 to 1024 [ 139.926737][ T5331] EXT4-fs: Ignoring removed oldalloc option [pid 5331] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5331] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5331] chdir("./file1") = 0 [pid 5331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5331] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5331] write(4, "\xe0", 1) = 1 [pid 5331] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5331] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5331] exit_group(0) = ? [ 139.941488][ T5331] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5331] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5331, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 140.066301][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5334 attached , child_tidptr=0x55556eab9650) = 5334 [pid 5334] set_robust_list(0x55556eab9660, 24) = 0 [pid 5334] chdir("./83") = 0 [pid 5334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5334] setpgid(0, 0) = 0 [pid 5334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5334] write(3, "1000", 4) = 4 [pid 5334] close(3) = 0 [pid 5334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5334] memfd_create("syzkaller", 0) = 3 [pid 5334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5334] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5334] close(3) = 0 [pid 5334] close(4) = 0 [pid 5334] mkdir("./file1", 0777) = 0 [ 140.325684][ T5334] loop0: detected capacity change from 0 to 1024 [ 140.355462][ T5334] EXT4-fs: Ignoring removed oldalloc option [pid 5334] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5334] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5334] chdir("./file1") = 0 [pid 5334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5334] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5334] write(4, "\xe0", 1) = 1 [pid 5334] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [ 140.371875][ T5334] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5334] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5334] exit_group(0) = ? [pid 5334] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5334, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 [ 140.527378][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./83/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5340 attached , child_tidptr=0x55556eab9650) = 5340 [pid 5340] set_robust_list(0x55556eab9660, 24) = 0 [pid 5340] chdir("./84") = 0 [pid 5340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5340] setpgid(0, 0) = 0 [pid 5340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5340] write(3, "1000", 4) = 4 [pid 5340] close(3) = 0 [pid 5340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5340] memfd_create("syzkaller", 0) = 3 [pid 5340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5340] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5340] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5340] close(3) = 0 [pid 5340] close(4) = 0 [pid 5340] mkdir("./file1", 0777) = 0 [ 140.759857][ T5340] loop0: detected capacity change from 0 to 1024 [ 140.786035][ T5340] EXT4-fs: Ignoring removed oldalloc option [pid 5340] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5340] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5340] chdir("./file1") = 0 [pid 5340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5340] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5340] write(4, "\xe0", 1) = 1 [pid 5340] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5340] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5340] exit_group(0) = ? [ 140.801128][ T5340] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5340, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 140.883420][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5343 attached , child_tidptr=0x55556eab9650) = 5343 [pid 5343] set_robust_list(0x55556eab9660, 24) = 0 [pid 5343] chdir("./85") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] memfd_create("syzkaller", 0) = 3 [pid 5343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5343] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5343] close(3) = 0 [pid 5343] close(4) = 0 [pid 5343] mkdir("./file1", 0777) = 0 [ 141.063114][ T5343] loop0: detected capacity change from 0 to 1024 [ 141.098329][ T5343] EXT4-fs: Ignoring removed oldalloc option [pid 5343] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5343] chdir("./file1") = 0 [pid 5343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5343] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5343] write(4, "\xe0", 1) = 1 [ 141.121594][ T5343] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5343] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5343] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5343] exit_group(0) = ? [pid 5343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 [ 141.256740][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./85/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5346 attached , child_tidptr=0x55556eab9650) = 5346 [pid 5346] set_robust_list(0x55556eab9660, 24) = 0 [pid 5346] chdir("./86") = 0 [pid 5346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5346] setpgid(0, 0) = 0 [pid 5346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5346] write(3, "1000", 4) = 4 [pid 5346] close(3) = 0 [pid 5346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5346] memfd_create("syzkaller", 0) = 3 [pid 5346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5346] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5346] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5346] close(3) = 0 [pid 5346] close(4) = 0 [pid 5346] mkdir("./file1", 0777) = 0 [ 141.481864][ T5346] loop0: detected capacity change from 0 to 1024 [ 141.511132][ T5346] EXT4-fs: Ignoring removed oldalloc option [pid 5346] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5346] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5346] chdir("./file1") = 0 [pid 5346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5346] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5346] write(4, "\xe0", 1) = 1 [pid 5346] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5346] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5346] exit_group(0) = ? [ 141.532602][ T5346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5346] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5346, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 141.621524][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5350 attached , child_tidptr=0x55556eab9650) = 5350 [pid 5350] set_robust_list(0x55556eab9660, 24) = 0 [pid 5350] chdir("./87") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] memfd_create("syzkaller", 0) = 3 [pid 5350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5350] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5350] close(3) = 0 [pid 5350] close(4) = 0 [pid 5350] mkdir("./file1", 0777) = 0 [ 141.844034][ T5350] loop0: detected capacity change from 0 to 1024 [ 141.869098][ T5350] EXT4-fs: Ignoring removed oldalloc option [pid 5350] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5350] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5350] chdir("./file1") = 0 [pid 5350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5350] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5350] write(4, "\xe0", 1) = 1 [pid 5350] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5350] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5350] exit_group(0) = ? [ 141.901175][ T5350] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 [ 142.033923][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5354 attached , child_tidptr=0x55556eab9650) = 5354 [pid 5354] set_robust_list(0x55556eab9660, 24) = 0 [pid 5354] chdir("./88") = 0 [pid 5354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5354] setpgid(0, 0) = 0 [pid 5354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5354] write(3, "1000", 4) = 4 [pid 5354] close(3) = 0 [pid 5354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5354] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] close(4) = 0 [pid 5354] mkdir("./file1", 0777) = 0 [ 142.278304][ T5354] loop0: detected capacity change from 0 to 1024 [ 142.308001][ T5354] EXT4-fs: Ignoring removed oldalloc option [pid 5354] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file1") = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5354] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5354] write(4, "\xe0", 1) = 1 [pid 5354] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5354] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5354] exit_group(0) = ? [pid 5354] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5354, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 142.329899][ T5354] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 142.412674][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5357 attached , child_tidptr=0x55556eab9650) = 5357 [pid 5357] set_robust_list(0x55556eab9660, 24) = 0 [pid 5357] chdir("./89") = 0 [pid 5357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5357] setpgid(0, 0) = 0 [pid 5357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5357] write(3, "1000", 4) = 4 [pid 5357] close(3) = 0 [pid 5357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5357] memfd_create("syzkaller", 0) = 3 [pid 5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc7b7e00000 [pid 5357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5357] munmap(0x7fc7b7e00000, 138412032) = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5357] close(3) = 0 [pid 5357] close(4) = 0 [pid 5357] mkdir("./file1", 0777) = 0 [ 142.622415][ T5357] loop0: detected capacity change from 0 to 1024 [pid 5357] mount("/dev/loop0", "./file1", "ext4", MS_RELATIME, "nodelalloc,noauto_da_alloc,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000080,lazytim"...) = 0 [pid 5357] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5357] chdir("./file1") = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5357] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5357] write(4, "\xe0", 1) = 1 [pid 5357] lsetxattr("./file1", "trusted.overlay.upper", "\x95\xbf\xdb\xf5\xcf\xda\xff\xc0\xe6\xf5\x1f\x4f\xda\xd7\x6b\x6b\x4f\x5f\xc6\x4f\xfb\xfe\x4d\xbb\x1d\xdb\xee\xfd\xbf\x27\xf9\xbc\x99\xde\x93\xef\xbb\x56\xaa\xd7\x17\xa7\x22\xf6\x24\x9f\x6c\xdc\x3f\xfd\xe8\xb1\xad\x7c\xeb\xfc\xac\xfe\x27\x8e\x6f\xde\xff\x75\xba\xff\xf7\x47\xc4\x17\x3d\xd6\xff\xd6\xd1\x5b\x5d\x4f\x1d\x84\xf6\x9f\x7b\xaa\xf6\x7f\xfa\xc4\xbd\x8f\xbf\xfc\xb1\x5b\xf9\xbd\xb5\xff\xdb\xcd"..., 881, 0) = 0 [pid 5357] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_NOATIME|FASYNC|0x20, 000) = 5 [pid 5357] exit_group(0) = ? [pid 5357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5357, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556eaba6f0 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 142.664110][ T5357] EXT4-fs: Ignoring removed oldalloc option [ 142.681309][ T5357] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556eac2730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556eac2730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file1") = 0 getdents64(3, 0x55556eaba6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3