./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2324283416 <...> Warning: Permanently added '10.128.0.42' (ED25519) to the list of known hosts. execve("./syz-executor2324283416", ["./syz-executor2324283416"], 0x7fff45784200 /* 10 vars */) = 0 brk(NULL) = 0x5555862c5000 brk(0x5555862c5d00) = 0x5555862c5d00 arch_prctl(ARCH_SET_FS, 0x5555862c5380) = 0 set_tid_address(0x5555862c5650) = 5214 set_robust_list(0x5555862c5660, 24) = 0 rseq(0x5555862c5ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2324283416", 4096) = 28 getrandom("\xd7\xa0\x14\x26\x17\x54\x1f\xda", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555862c5d00 brk(0x5555862e6d00) = 0x5555862e6d00 brk(0x5555862e7000) = 0x5555862e7000 mprotect(0x7f95b5f1c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.gaqskp", 0700) = 0 chmod("./syzkaller.gaqskp", 0777) = 0 chdir("./syzkaller.gaqskp") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x5555862c5650) = 5216 [pid 5216] set_robust_list(0x5555862c5660, 24) = 0 [pid 5216] chdir("./0") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] write(1, "executing program\n", 18executing program ) = 18 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5216] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5216] munmap(0x7f95ada00000, 138412032) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] close(4) = 0 [pid 5216] mkdir("./file1", 0777) = 0 [ 70.313978][ T5216] loop0: detected capacity change from 0 to 32768 [ 70.348118][ T5216] ======================================================= [ 70.348118][ T5216] WARNING: The mand mount option has been deprecated and [ 70.348118][ T5216] and is ignored by this kernel. Remove the mand [ 70.348118][ T5216] option from the mount to silence this warning. [ 70.348118][ T5216] ======================================================= [pid 5216] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5216] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file1") = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5216] creat("./bus", 000) = 4 [ 70.412315][ T5216] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5216] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5216] exit_group(0) = ? [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 70.769231][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached , child_tidptr=0x5555862c5650) = 5219 [pid 5219] set_robust_list(0x5555862c5660, 24) = 0 [pid 5219] chdir("./1") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5219] write(1, "executing program\n", 18) = 18 [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5219] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5219] munmap(0x7f95ada00000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] close(4) = 0 [pid 5219] mkdir("./file1", 0777) = 0 [ 71.151842][ T5219] loop0: detected capacity change from 0 to 32768 [pid 5219] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5219] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file1") = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5219] creat("./bus", 000) = 4 [ 71.208097][ T5219] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5219] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5219] exit_group(0) = ? [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 71.609221][ T5214] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached , child_tidptr=0x5555862c5650) = 5222 [pid 5222] set_robust_list(0x5555862c5660, 24) = 0 [pid 5222] chdir("./2") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5222] write(1, "executing program\n", 18) = 18 [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5222] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5222] munmap(0x7f95ada00000, 138412032) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] close(4) = 0 [pid 5222] mkdir("./file1", 0777) = 0 [ 72.120233][ T5222] loop0: detected capacity change from 0 to 32768 [pid 5222] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5222] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file1") = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5222] creat("./bus", 000) = 4 [ 72.173834][ T5222] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5222] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5222] exit_group(0) = ? [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.530011][ T5214] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached , child_tidptr=0x5555862c5650) = 5225 [pid 5225] set_robust_list(0x5555862c5660, 24) = 0 [pid 5225] chdir("./3") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5225] write(1, "executing program\n", 18) = 18 [pid 5225] memfd_create("syzkaller", 0) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5225] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5225] munmap(0x7f95ada00000, 138412032) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] close(4) = 0 [pid 5225] mkdir("./file1", 0777) = 0 [ 73.046392][ T5225] loop0: detected capacity change from 0 to 32768 [pid 5225] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5225] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] chdir("./file1") = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5225] creat("./bus", 000) = 4 [ 73.115236][ T5225] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5225] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5225] exit_group(0) = ? [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 73.504905][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x5555862c5650) = 5228 [pid 5228] set_robust_list(0x5555862c5660, 24) = 0 [pid 5228] chdir("./4") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] write(1, "executing program\n", 18executing program ) = 18 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5228] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5228] munmap(0x7f95ada00000, 138412032) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] close(4) = 0 [pid 5228] mkdir("./file1", 0777) = 0 [ 73.877840][ T5228] loop0: detected capacity change from 0 to 32768 [pid 5228] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5228] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file1") = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5228] creat("./bus", 000) = 4 [ 73.922479][ T5228] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5228] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5228] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 74.297276][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5231 attached , child_tidptr=0x5555862c5650) = 5231 [pid 5231] set_robust_list(0x5555862c5660, 24) = 0 [pid 5231] chdir("./5") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5231] write(1, "executing program\n", 18) = 18 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5231] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5231] munmap(0x7f95ada00000, 138412032) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] close(4) = 0 [pid 5231] mkdir("./file1", 0777) = 0 [ 74.704780][ T5231] loop0: detected capacity change from 0 to 32768 [pid 5231] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5231] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file1") = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5231] creat("./bus", 000) = 4 [ 74.758540][ T5231] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5231] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5231] exit_group(0) = ? [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 75.143476][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached , child_tidptr=0x5555862c5650) = 5234 [pid 5234] set_robust_list(0x5555862c5660, 24) = 0 [pid 5234] chdir("./6") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5234] write(1, "executing program\n", 18) = 18 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5234] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5234] munmap(0x7f95ada00000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./file1", 0777) = 0 [ 75.544819][ T5234] loop0: detected capacity change from 0 to 32768 [pid 5234] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5234] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file1") = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5234] creat("./bus", 000) = 4 [ 75.588570][ T5234] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5234] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5234] exit_group(0) = ? [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.038410][ T5214] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached , child_tidptr=0x5555862c5650) = 5237 [pid 5237] set_robust_list(0x5555862c5660, 24) = 0 [pid 5237] chdir("./7") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] write(1, "executing program\n", 18executing program ) = 18 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5237] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5237] munmap(0x7f95ada00000, 138412032) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./file1", 0777) = 0 [ 76.610045][ T5237] loop0: detected capacity change from 0 to 32768 [pid 5237] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file1") = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5237] creat("./bus", 000) = 4 [ 76.658933][ T5237] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5237] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5237] exit_group(0) = ? [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 77.033486][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5240 attached , child_tidptr=0x5555862c5650) = 5240 [pid 5240] set_robust_list(0x5555862c5660, 24) = 0 [pid 5240] chdir("./8") = 0 [pid 5240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5240] setpgid(0, 0) = 0 [pid 5240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5240] write(3, "1000", 4) = 4 [pid 5240] close(3) = 0 [pid 5240] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5240] write(1, "executing program\n", 18) = 18 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5240] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5240] munmap(0x7f95ada00000, 138412032) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] close(4) = 0 [pid 5240] mkdir("./file1", 0777) = 0 [ 77.439194][ T5240] loop0: detected capacity change from 0 to 32768 [pid 5240] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5240] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file1") = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5240] creat("./bus", 000) = 4 [ 77.503298][ T5240] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5240] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5240] exit_group(0) = ? [pid 5240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5240, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 77.888457][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5243 attached , child_tidptr=0x5555862c5650) = 5243 [pid 5243] set_robust_list(0x5555862c5660, 24) = 0 [pid 5243] chdir("./9") = 0 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5243] setpgid(0, 0) = 0 [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5243] write(3, "1000", 4) = 4 [pid 5243] close(3) = 0 [pid 5243] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5243] write(1, "executing program\n", 18) = 18 [pid 5243] memfd_create("syzkaller", 0) = 3 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5243] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5243] munmap(0x7f95ada00000, 138412032) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5243] close(3) = 0 [pid 5243] close(4) = 0 [pid 5243] mkdir("./file1", 0777) = 0 [ 78.251689][ T5243] loop0: detected capacity change from 0 to 32768 [pid 5243] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5243] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5243] chdir("./file1") = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5243] creat("./bus", 000) = 4 [ 78.297243][ T5243] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5243] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5243] exit_group(0) = ? [pid 5243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} --- umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 78.681515][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5246 attached , child_tidptr=0x5555862c5650) = 5246 [pid 5246] set_robust_list(0x5555862c5660, 24) = 0 [pid 5246] chdir("./10") = 0 [pid 5246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5246] setpgid(0, 0) = 0 [pid 5246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5246] write(3, "1000", 4) = 4 [pid 5246] close(3) = 0 [pid 5246] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5246] write(1, "executing program\n", 18) = 18 [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5246] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5246] munmap(0x7f95ada00000, 138412032) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] close(4) = 0 [pid 5246] mkdir("./file1", 0777) = 0 [ 79.073702][ T5246] loop0: detected capacity change from 0 to 32768 [pid 5246] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5246] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./file1") = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5246] creat("./bus", 000) = 4 [ 79.118644][ T5246] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5246] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5246] exit_group(0) = ? [pid 5246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5246, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 79.499235][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5249 attached , child_tidptr=0x5555862c5650) = 5249 [pid 5249] set_robust_list(0x5555862c5660, 24) = 0 [pid 5249] chdir("./11") = 0 [pid 5249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5249] setpgid(0, 0) = 0 [pid 5249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5249] write(3, "1000", 4) = 4 [pid 5249] close(3) = 0 [pid 5249] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5249] write(1, "executing program\n", 18) = 18 [pid 5249] memfd_create("syzkaller", 0) = 3 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5249] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5249] munmap(0x7f95ada00000, 138412032) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5249] close(3) = 0 [pid 5249] close(4) = 0 [pid 5249] mkdir("./file1", 0777) = 0 [ 79.882832][ T5249] loop0: detected capacity change from 0 to 32768 [pid 5249] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5249] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5249] chdir("./file1") = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5249] creat("./bus", 000) = 4 [ 79.924347][ T5249] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5249] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5249] exit_group(0) = ? [pid 5249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5249, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=30 /* 0.30 s */} --- umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 80.310658][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached , child_tidptr=0x5555862c5650) = 5252 [pid 5252] set_robust_list(0x5555862c5660, 24) = 0 [pid 5252] chdir("./12") = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5252] write(1, "executing program\n", 18) = 18 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5252] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5252] munmap(0x7f95ada00000, 138412032) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] close(4) = 0 [pid 5252] mkdir("./file1", 0777) = 0 [ 80.691713][ T5252] loop0: detected capacity change from 0 to 32768 [pid 5252] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5252] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file1") = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5252] creat("./bus", 000) = 4 [ 80.734561][ T5252] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5252] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5252] exit_group(0) = ? [pid 5252] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5252, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} --- umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 81.116644][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x5555862c5660, 24 [pid 5214] <... clone resumed>, child_tidptr=0x5555862c5650) = 5255 [pid 5255] <... set_robust_list resumed>) = 0 [pid 5255] chdir("./13") = 0 [pid 5255] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5255] setpgid(0, 0) = 0 [pid 5255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5255] write(3, "1000", 4) = 4 [pid 5255] close(3) = 0 [pid 5255] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5255] write(1, "executing program\n", 18executing program ) = 18 [pid 5255] memfd_create("syzkaller", 0) = 3 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5255] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5255] munmap(0x7f95ada00000, 138412032) = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5255] close(3) = 0 [pid 5255] close(4) = 0 [pid 5255] mkdir("./file1", 0777) = 0 [ 81.525280][ T5255] loop0: detected capacity change from 0 to 32768 [pid 5255] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5255] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5255] chdir("./file1") = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5255] creat("./bus", 000) = 4 [ 81.571529][ T5255] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5255] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5255] exit_group(0) = ? [pid 5255] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5255, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=32 /* 0.32 s */} --- umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 [ 81.984873][ T5214] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5258 attached [pid 5258] set_robust_list(0x5555862c5660, 24) = 0 [pid 5214] <... clone resumed>, child_tidptr=0x5555862c5650) = 5258 [pid 5258] chdir("./14") = 0 [pid 5258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5258] setpgid(0, 0) = 0 [pid 5258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5258] write(3, "1000", 4) = 4 [pid 5258] close(3) = 0 [pid 5258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5258] write(1, "executing program\n", 18executing program ) = 18 [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5258] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5258] munmap(0x7f95ada00000, 138412032) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] close(3) = 0 [pid 5258] close(4) = 0 [pid 5258] mkdir("./file1", 0777) = 0 [pid 5258] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [ 82.511939][ T5258] loop0: detected capacity change from 0 to 32768 [pid 5258] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./file1") = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5258] creat("./bus", 000) = 4 [ 82.566474][ T5258] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5258] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5258] exit_group(0) = ? [pid 5258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5258, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 82.932311][ T5214] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5261 attached , child_tidptr=0x5555862c5650) = 5261 [pid 5261] set_robust_list(0x5555862c5660, 24) = 0 [pid 5261] chdir("./15") = 0 [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5261] setpgid(0, 0) = 0 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5261] write(3, "1000", 4) = 4 [pid 5261] close(3) = 0 [pid 5261] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5261] write(1, "executing program\n", 18) = 18 [pid 5261] memfd_create("syzkaller", 0) = 3 [pid 5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5261] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5261] munmap(0x7f95ada00000, 138412032) = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5261] close(3) = 0 [pid 5261] close(4) = 0 [pid 5261] mkdir("./file1", 0777) = 0 [ 83.470164][ T5261] loop0: detected capacity change from 0 to 32768 [pid 5261] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5261] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5261] chdir("./file1") = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 83.521050][ T5261] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5261] creat("./bus", 000) = 4 [pid 5261] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5261] exit_group(0) = ? [pid 5261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.910685][ T5214] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5264 attached , child_tidptr=0x5555862c5650) = 5264 [pid 5264] set_robust_list(0x5555862c5660, 24) = 0 [pid 5264] chdir("./16") = 0 [pid 5264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5264] setpgid(0, 0) = 0 [pid 5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5264] write(3, "1000", 4) = 4 [pid 5264] close(3) = 0 [pid 5264] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5264] write(1, "executing program\n", 18) = 18 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5264] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5264] munmap(0x7f95ada00000, 138412032) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] close(4) = 0 [pid 5264] mkdir("./file1", 0777) = 0 [ 84.464429][ T5264] loop0: detected capacity change from 0 to 32768 [pid 5264] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5264] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file1") = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5264] creat("./bus", 000) = 4 [ 84.509899][ T5264] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5264] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5264] exit_group(0) = ? [pid 5264] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5264, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 84.897169][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5267 attached , child_tidptr=0x5555862c5650) = 5267 [pid 5267] set_robust_list(0x5555862c5660, 24) = 0 [pid 5267] chdir("./17") = 0 [pid 5267] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5267] setpgid(0, 0) = 0 [pid 5267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5267] write(3, "1000", 4) = 4 [pid 5267] close(3) = 0 [pid 5267] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5267] write(1, "executing program\n", 18executing program ) = 18 [pid 5267] memfd_create("syzkaller", 0) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5267] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5267] munmap(0x7f95ada00000, 138412032) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] close(3) = 0 [pid 5267] close(4) = 0 [pid 5267] mkdir("./file1", 0777) = 0 [ 85.285976][ T5267] loop0: detected capacity change from 0 to 32768 [pid 5267] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5267] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5267] chdir("./file1") = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 85.329677][ T5267] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5267] creat("./bus", 000) = 4 [pid 5267] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5267] exit_group(0) = ? [pid 5267] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5267, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.748538][ T5214] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5270 attached , child_tidptr=0x5555862c5650) = 5270 [pid 5270] set_robust_list(0x5555862c5660, 24) = 0 [pid 5270] chdir("./18") = 0 [pid 5270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5270] setpgid(0, 0) = 0 [pid 5270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5270] write(3, "1000", 4) = 4 [pid 5270] close(3) = 0 [pid 5270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5270] write(1, "executing program\n", 18executing program ) = 18 [pid 5270] memfd_create("syzkaller", 0) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5270] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5270] munmap(0x7f95ada00000, 138412032) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] close(3) = 0 [pid 5270] close(4) = 0 [pid 5270] mkdir("./file1", 0777) = 0 [ 86.291951][ T5270] loop0: detected capacity change from 0 to 32768 [pid 5270] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5270] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5270] chdir("./file1") = 0 [ 86.336168][ T5270] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5270] creat("./bus", 000) = 4 [pid 5270] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5270] exit_group(0) = ? [pid 5270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5270, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 86.765079][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5273 attached , child_tidptr=0x5555862c5650) = 5273 [pid 5273] set_robust_list(0x5555862c5660, 24) = 0 [pid 5273] chdir("./19") = 0 [pid 5273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5273] setpgid(0, 0) = 0 [pid 5273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5273] write(3, "1000", 4) = 4 [pid 5273] close(3) = 0 [pid 5273] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5273] write(1, "executing program\n", 18) = 18 [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [ 87.018910][ T1188] cfg80211: failed to load regulatory.db [pid 5273] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5273] munmap(0x7f95ada00000, 138412032) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] close(4) = 0 [pid 5273] mkdir("./file1", 0777) = 0 [ 87.196114][ T5273] loop0: detected capacity change from 0 to 32768 [pid 5273] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5273] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file1") = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5273] creat("./bus", 000) = 4 [ 87.265392][ T5273] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5273] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5273] exit_group(0) = ? [pid 5273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5273, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 87.612086][ T5214] ocfs2: Unmounting device (7,0) on (node local) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5276 attached , child_tidptr=0x5555862c5650) = 5276 [pid 5276] set_robust_list(0x5555862c5660, 24) = 0 [pid 5276] chdir("./20") = 0 [pid 5276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5276] setpgid(0, 0) = 0 [pid 5276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5276] write(3, "1000", 4) = 4 [pid 5276] close(3) = 0 [pid 5276] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5276] write(1, "executing program\n", 18) = 18 [pid 5276] memfd_create("syzkaller", 0) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5276] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5276] munmap(0x7f95ada00000, 138412032) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] close(4) = 0 [pid 5276] mkdir("./file1", 0777) = 0 [ 88.128692][ T5276] loop0: detected capacity change from 0 to 32768 [pid 5276] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5276] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file1") = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5276] creat("./bus", 000) = 4 [ 88.182217][ T5276] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 88.239606][ T5276] [ 88.242016][ T5276] ====================================================== [ 88.249040][ T5276] WARNING: possible circular locking dependency detected [ 88.256072][ T5276] 6.11.0-syzkaller-10045-g97d8894b6f4c #0 Not tainted [ 88.262848][ T5276] ------------------------------------------------------ [ 88.269872][ T5276] syz-executor232/5276 is trying to acquire lock: [ 88.276379][ T5276] ffff88802d7bd5a8 (&osb->system_file_mutex){+.+.}-{3:3}, at: ocfs2_get_system_file_inode+0x18f/0x7b0 [ 88.287405][ T5276] [ 88.287405][ T5276] but task is already holding lock: [ 88.294772][ T5276] ffff8880754d3f60 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_write_begin+0x1d1/0x3a0 [ 88.305411][ T5276] [ 88.305411][ T5276] which lock already depends on the new lock. [ 88.305411][ T5276] [ 88.315818][ T5276] [ 88.315818][ T5276] the existing dependency chain (in reverse order) is: [ 88.324832][ T5276] [ 88.324832][ T5276] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}: [ 88.333623][ T5276] lock_acquire+0x1ed/0x550 [ 88.338664][ T5276] down_read+0xb1/0xa40 [ 88.343472][ T5276] ocfs2_read_virt_blocks+0x2ca/0xa50 [ 88.349399][ T5276] ocfs2_find_entry+0x43b/0x2780 [ 88.354865][ T5276] ocfs2_find_files_on_disk+0xff/0x360 [ 88.360858][ T5276] ocfs2_lookup_ino_from_name+0xb1/0x1e0 [ 88.367028][ T5276] ocfs2_get_system_file_inode+0x305/0x7b0 [ 88.373371][ T5276] ocfs2_init_global_system_inodes+0x32c/0x730 [ 88.380087][ T5276] ocfs2_fill_super+0x2f47/0x5750 [ 88.385644][ T5276] mount_bdev+0x20a/0x2d0 [ 88.390506][ T5276] legacy_get_tree+0xee/0x190 [ 88.395715][ T5276] vfs_get_tree+0x90/0x2b0 [ 88.400665][ T5276] do_new_mount+0x2be/0xb40 [ 88.405698][ T5276] __se_sys_mount+0x2d6/0x3c0 [ 88.410906][ T5276] do_syscall_64+0xf3/0x230 [ 88.415935][ T5276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.422366][ T5276] [ 88.422366][ T5276] -> #0 (&osb->system_file_mutex){+.+.}-{3:3}: [ 88.430734][ T5276] validate_chain+0x18ef/0x5920 [ 88.436139][ T5276] __lock_acquire+0x1384/0x2050 [ 88.441525][ T5276] lock_acquire+0x1ed/0x550 [ 88.446583][ T5276] __mutex_lock+0x136/0xd70 [ 88.451622][ T5276] ocfs2_get_system_file_inode+0x18f/0x7b0 [ 88.457961][ T5276] ocfs2_reserve_local_alloc_bits+0x107/0x2870 [ 88.464647][ T5276] ocfs2_reserve_clusters_with_limit+0x1b8/0xb60 [ 88.471509][ T5276] ocfs2_lock_allocators+0x30a/0x630 [ 88.477318][ T5276] ocfs2_write_begin_nolock+0x26f2/0x4ec0 [ 88.483571][ T5276] ocfs2_write_begin+0x205/0x3a0 [ 88.489042][ T5276] generic_perform_write+0x344/0x6d0 [ 88.494852][ T5276] ocfs2_file_write_iter+0x17b1/0x1f50 [ 88.500847][ T5276] vfs_write+0xa6d/0xc90 [ 88.505623][ T5276] ksys_write+0x183/0x2b0 [ 88.510482][ T5276] do_syscall_64+0xf3/0x230 [ 88.515597][ T5276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.522021][ T5276] [ 88.522021][ T5276] other info that might help us debug this: [ 88.522021][ T5276] [ 88.532259][ T5276] Possible unsafe locking scenario: [ 88.532259][ T5276] [ 88.539724][ T5276] CPU0 CPU1 [ 88.545086][ T5276] ---- ---- [ 88.550451][ T5276] lock(&ocfs2_file_ip_alloc_sem_key); [ 88.556008][ T5276] lock(&osb->system_file_mutex); [ 88.563656][ T5276] lock(&ocfs2_file_ip_alloc_sem_key); [ 88.571764][ T5276] lock(&osb->system_file_mutex); [ 88.576895][ T5276] [ 88.576895][ T5276] *** DEADLOCK *** [ 88.576895][ T5276] [ 88.585037][ T5276] 3 locks held by syz-executor232/5276: [ 88.590582][ T5276] #0: ffff88807bd20420 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 [ 88.599489][ T5276] #1: ffff8880754d42c0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: ocfs2_file_write_iter+0x467/0x1f50 [ 88.610829][ T5276] #2: ffff8880754d3f60 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_write_begin+0x1d1/0x3a0 [ 88.621820][ T5276] [ 88.621820][ T5276] stack backtrace: [ 88.627765][ T5276] CPU: 0 UID: 0 PID: 5276 Comm: syz-executor232 Not tainted 6.11.0-syzkaller-10045-g97d8894b6f4c #0 [ 88.638535][ T5276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 88.648665][ T5276] Call Trace: [ 88.651963][ T5276] [ 88.654905][ T5276] dump_stack_lvl+0x241/0x360 [ 88.659607][ T5276] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.664823][ T5276] ? __pfx__printk+0x10/0x10 [ 88.669453][ T5276] print_circular_bug+0x13a/0x1b0 [ 88.674520][ T5276] check_noncircular+0x36a/0x4a0 [ 88.679566][ T5276] ? __pfx_check_noncircular+0x10/0x10 [ 88.685135][ T5276] ? lockdep_lock+0x123/0x2b0 [ 88.689830][ T5276] ? __pfx_validate_chain+0x10/0x10 [ 88.695038][ T5276] ? deref_stack_reg+0x17c/0x210 [ 88.699994][ T5276] validate_chain+0x18ef/0x5920 [ 88.704852][ T5276] ? unwind_next_frame+0x18e6/0x22d0 [ 88.710152][ T5276] ? deref_stack_reg+0x17c/0x210 [ 88.715196][ T5276] ? __bfs+0x368/0x6f0 [ 88.719272][ T5276] ? __pfx_validate_chain+0x10/0x10 [ 88.724481][ T5276] ? validate_chain+0x11e/0x5920 [ 88.729430][ T5276] ? rcu_is_watching+0x15/0xb0 [ 88.734201][ T5276] ? lock_release+0xbf/0xa30 [ 88.738805][ T5276] ? __pfx_validate_chain+0x10/0x10 [ 88.744015][ T5276] ? deref_stack_reg+0x17c/0x210 [ 88.748967][ T5276] ? __pfx_lock_release+0x10/0x10 [ 88.754016][ T5276] ? mark_lock+0x9a/0x360 [ 88.758351][ T5276] ? deref_stack_reg+0x17c/0x210 [ 88.763304][ T5276] __lock_acquire+0x1384/0x2050 [ 88.768176][ T5276] lock_acquire+0x1ed/0x550 [ 88.772716][ T5276] ? ocfs2_get_system_file_inode+0x18f/0x7b0 [ 88.778754][ T5276] ? __pfx_lock_acquire+0x10/0x10 [ 88.783832][ T5276] ? __pfx___might_resched+0x10/0x10 [ 88.789134][ T5276] __mutex_lock+0x136/0xd70 [ 88.793678][ T5276] ? ocfs2_get_system_file_inode+0x18f/0x7b0 [ 88.799759][ T5276] ? __pfx_lock_acquire+0x10/0x10 [ 88.804798][ T5276] ? ocfs2_get_system_file_inode+0x141/0x7b0 [ 88.810795][ T5276] ? ocfs2_get_system_file_inode+0x18f/0x7b0 [ 88.816793][ T5276] ? __pfx_lock_release+0x10/0x10 [ 88.821847][ T5276] ? __pfx___mutex_lock+0x10/0x10 [ 88.826889][ T5276] ? do_raw_spin_unlock+0x13c/0x8b0 [ 88.832102][ T5276] ocfs2_get_system_file_inode+0x18f/0x7b0 [ 88.837923][ T5276] ? __pfx_ocfs2_get_system_file_inode+0x10/0x10 [ 88.844265][ T5276] ? __pfx_validate_chain+0x10/0x10 [ 88.849471][ T5276] ? kernel_text_address+0xa7/0xe0 [ 88.854591][ T5276] ? __kernel_text_address+0xd/0x40 [ 88.859801][ T5276] ? unwind_get_return_address+0x4d/0x90 [ 88.865447][ T5276] ? arch_stack_walk+0xfd/0x150 [ 88.870306][ T5276] ocfs2_reserve_local_alloc_bits+0x107/0x2870 [ 88.876475][ T5276] ? ocfs2_buffer_cached+0x47e/0x840 [ 88.881776][ T5276] ? mark_lock+0x9a/0x360 [ 88.886138][ T5276] ? __lock_acquire+0x1384/0x2050 [ 88.891195][ T5276] ? __pfx_ocfs2_reserve_local_alloc_bits+0x10/0x10 [ 88.897816][ T5276] ? __pfx_lock_acquire+0x10/0x10 [ 88.902860][ T5276] ? ocfs2_alloc_should_use_local+0x155/0x320 [ 88.908939][ T5276] ? __pfx_lock_release+0x10/0x10 [ 88.913975][ T5276] ? do_raw_spin_lock+0x14f/0x370 [ 88.919035][ T5276] ? do_raw_spin_unlock+0x13c/0x8b0 [ 88.924273][ T5276] ? _raw_spin_unlock+0x28/0x50 [ 88.929147][ T5276] ? ocfs2_alloc_should_use_local+0x155/0x320 [ 88.935233][ T5276] ocfs2_reserve_clusters_with_limit+0x1b8/0xb60 [ 88.941582][ T5276] ? mark_lock+0x9a/0x360 [ 88.945922][ T5276] ? __pfx_ocfs2_reserve_clusters_with_limit+0x10/0x10 [ 88.952794][ T5276] ? rcu_is_watching+0x15/0xb0 [ 88.957574][ T5276] ? ocfs2_num_free_extents+0x3b8/0x6e0 [ 88.963136][ T5276] ? __pfx_ocfs2_num_free_extents+0x10/0x10 [ 88.969053][ T5276] ocfs2_lock_allocators+0x30a/0x630 [ 88.974443][ T5276] ? __pfx_ocfs2_lock_allocators+0x10/0x10 [ 88.980264][ T5276] ? ocfs2_write_begin_nolock+0x114c/0x4ec0 [ 88.986192][ T5276] ? rcu_is_watching+0x15/0xb0 [ 88.990964][ T5276] ? ocfs2_write_begin_nolock+0x114c/0x4ec0 [ 88.996875][ T5276] ? kfree+0x4e/0x440 [ 89.000863][ T5276] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 89.006419][ T5276] ocfs2_write_begin_nolock+0x26f2/0x4ec0 [ 89.012277][ T5276] ? __pfx_ocfs2_write_begin_nolock+0x10/0x10 [ 89.018381][ T5276] ? __pfx_lock_acquire+0x10/0x10 [ 89.023435][ T5276] ? mark_lock+0x9a/0x360 [ 89.027777][ T5276] ? __lock_acquire+0x1384/0x2050 [ 89.032824][ T5276] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ 89.038816][ T5276] ? __pfx_lock_acquire+0x10/0x10 [ 89.043855][ T5276] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.050196][ T5276] ? __pfx___might_resched+0x10/0x10 [ 89.055495][ T5276] ? irqentry_exit+0x63/0x90 [ 89.060124][ T5276] ? irqentry_exit+0x63/0x90 [ 89.064750][ T5276] ? exc_page_fault+0x590/0x8c0 [ 89.069615][ T5276] ? down_write+0x18c/0x220 [ 89.074148][ T5276] ? __pfx_down_write+0x10/0x10 [ 89.079008][ T5276] ocfs2_write_begin+0x205/0x3a0 [ 89.083996][ T5276] ? __pfx_ocfs2_write_begin+0x10/0x10 [ 89.089485][ T5276] ? fault_in_iov_iter_readable+0x229/0x280 [ 89.095396][ T5276] generic_perform_write+0x344/0x6d0 [ 89.100700][ T5276] ? __pfx_generic_perform_write+0x10/0x10 [ 89.106546][ T5276] ? __generic_file_write_iter+0x102/0x230 [ 89.112376][ T5276] ? ocfs2_file_write_iter+0x1790/0x1f50 [ 89.118027][ T5276] ocfs2_file_write_iter+0x17b1/0x1f50 [ 89.123513][ T5276] ? __pfx_ocfs2_file_write_iter+0x10/0x10 [ 89.129341][ T5276] ? __pfx_lock_acquire+0x10/0x10 [ 89.134386][ T5276] ? rcu_read_lock_any_held+0xb7/0x160 [ 89.139856][ T5276] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 89.145853][ T5276] vfs_write+0xa6d/0xc90 [ 89.150108][ T5276] ? __pfx_ocfs2_file_write_iter+0x10/0x10 [ 89.155948][ T5276] ? __pfx_vfs_write+0x10/0x10 [ 89.160813][ T5276] ? _raw_spin_unlock_irq+0x2e/0x50 [ 89.166144][ T5276] ? fdget_pos+0x265/0x320 [ 89.170662][ T5276] ksys_write+0x183/0x2b0 [ 89.175002][ T5276] ? __pfx_ksys_write+0x10/0x10 [ 89.179861][ T5276] ? exc_page_fault+0x590/0x8c0 [ 89.184727][ T5276] do_syscall_64+0xf3/0x230 [ 89.189235][ T5276] ? clear_bhb_loop+0x35/0x90 [ 89.193928][ T5276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.199838][ T5276] RIP: 0033:0x7f95b5ea4169 [ 89.204374][ T5276] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.224190][ T5276] RSP: 002b:00007ffef148ae18 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 89.232778][ T5276] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f95b5ea4169 [ 89.240848][ T5276] RDX: 000000000f642e7e RSI: 0000000020000200 RDI: 0000000000000004 [ 89.248833][ T5276] RBP: 00000000ffffffff R08: 00000000000008c0 R09: 00000000000008c0 [ 89.256819][ T5276] R10: 0000000000004430 R11: 0000000000000246 R12: 00007ffef148ae60 [ 89.264800][ T5276] R13: 00007ffef148aea0 R14: 0000000001000000 R15: 0000000000000003 [ 89.272787][ T5276] [pid 5276] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5276] exit_group(0) = ? [pid 5276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5276, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 89.585992][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5279 attached [pid 5279] set_robust_list(0x5555862c5660, 24 [pid 5214] <... clone resumed>, child_tidptr=0x5555862c5650) = 5279 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5279] chdir("./21") = 0 [pid 5279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5279] setpgid(0, 0) = 0 [pid 5279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5279] write(3, "1000", 4) = 4 [pid 5279] close(3) = 0 [pid 5279] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5279] write(1, "executing program\n", 18) = 18 [pid 5279] memfd_create("syzkaller", 0) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5279] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5279] munmap(0x7f95ada00000, 138412032) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5279] close(3) = 0 [pid 5279] close(4) = 0 [pid 5279] mkdir("./file1", 0777) = 0 [ 89.916434][ T5279] loop0: detected capacity change from 0 to 32768 [pid 5279] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5279] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5279] chdir("./file1") = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5279] creat("./bus", 000) = 4 [ 89.969604][ T5279] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5279] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5279] exit_group(0) = ? [pid 5279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5279, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 90.284033][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5282 attached , child_tidptr=0x5555862c5650) = 5282 [pid 5282] set_robust_list(0x5555862c5660, 24) = 0 [pid 5282] chdir("./22") = 0 [pid 5282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5282] setpgid(0, 0) = 0 [pid 5282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5282] write(3, "1000", 4) = 4 [pid 5282] close(3) = 0 [pid 5282] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5282] write(1, "executing program\n", 18) = 18 [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5282] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5282] munmap(0x7f95ada00000, 138412032) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] close(4) = 0 [pid 5282] mkdir("./file1", 0777) = 0 [ 90.580906][ T5282] loop0: detected capacity change from 0 to 32768 [pid 5282] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5282] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./file1") = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5282] creat("./bus", 000) = 4 [ 90.622168][ T5282] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5282] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5282] exit_group(0) = ? [pid 5282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5282, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 90.884048][ T5214] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5285 attached , child_tidptr=0x5555862c5650) = 5285 [pid 5285] set_robust_list(0x5555862c5660, 24) = 0 [pid 5285] chdir("./23") = 0 [pid 5285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5285] setpgid(0, 0) = 0 [pid 5285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5285] write(3, "1000", 4) = 4 [pid 5285] close(3) = 0 [pid 5285] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5285] write(1, "executing program\n", 18) = 18 [pid 5285] memfd_create("syzkaller", 0) = 3 [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5285] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5285] munmap(0x7f95ada00000, 138412032) = 0 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5285] close(3) = 0 [pid 5285] close(4) = 0 [pid 5285] mkdir("./file1", 0777) = 0 [ 91.337159][ T5285] loop0: detected capacity change from 0 to 32768 [pid 5285] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5285] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5285] chdir("./file1") = 0 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5285] creat("./bus", 000) = 4 [ 91.390923][ T5285] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5285] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5285] exit_group(0) = ? [pid 5285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5285, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 91.588557][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5288 attached , child_tidptr=0x5555862c5650) = 5288 [pid 5288] set_robust_list(0x5555862c5660, 24) = 0 [pid 5288] chdir("./24") = 0 [pid 5288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5288] setpgid(0, 0) = 0 [pid 5288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5288] write(3, "1000", 4) = 4 [pid 5288] close(3) = 0 [pid 5288] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5288] write(1, "executing program\n", 18) = 18 [pid 5288] memfd_create("syzkaller", 0) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5288] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5288] munmap(0x7f95ada00000, 138412032) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] close(4) = 0 [pid 5288] mkdir("./file1", 0777) = 0 [ 91.915945][ T5288] loop0: detected capacity change from 0 to 32768 [pid 5288] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5288] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./file1") = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5288] creat("./bus", 000) = 4 [ 91.963246][ T5288] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5288] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5288] exit_group(0) = ? [pid 5288] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5288, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 92.142803][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5291 attached , child_tidptr=0x5555862c5650) = 5291 [pid 5291] set_robust_list(0x5555862c5660, 24) = 0 [pid 5291] chdir("./25") = 0 [pid 5291] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5291] setpgid(0, 0) = 0 [pid 5291] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5291] write(3, "1000", 4) = 4 [pid 5291] close(3) = 0 [pid 5291] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5291] write(1, "executing program\n", 18) = 18 [pid 5291] memfd_create("syzkaller", 0) = 3 [pid 5291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5291] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5291] munmap(0x7f95ada00000, 138412032) = 0 [pid 5291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5291] close(3) = 0 [pid 5291] close(4) = 0 [pid 5291] mkdir("./file1", 0777) = 0 [ 92.458224][ T5291] loop0: detected capacity change from 0 to 32768 [pid 5291] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5291] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5291] chdir("./file1") = 0 [pid 5291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5291] creat("./bus", 000) = 4 [ 92.512547][ T5291] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5291] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5291] exit_group(0) = ? [pid 5291] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5291, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 92.792070][ T5214] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5294 attached , child_tidptr=0x5555862c5650) = 5294 [pid 5294] set_robust_list(0x5555862c5660, 24) = 0 [pid 5294] chdir("./26") = 0 [pid 5294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5294] setpgid(0, 0) = 0 [pid 5294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5294] write(3, "1000", 4) = 4 [pid 5294] close(3) = 0 [pid 5294] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5294] write(1, "executing program\n", 18) = 18 [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5294] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5294] munmap(0x7f95ada00000, 138412032) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] close(4) = 0 [pid 5294] mkdir("./file1", 0777) = 0 [ 93.270535][ T5294] loop0: detected capacity change from 0 to 32768 [pid 5294] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5294] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file1") = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5294] creat("./bus", 000) = 4 [ 93.319494][ T5294] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5294] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5294] exit_group(0) = ? [pid 5294] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5294, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 93.657150][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5297 attached , child_tidptr=0x5555862c5650) = 5297 [pid 5297] set_robust_list(0x5555862c5660, 24) = 0 [pid 5297] chdir("./27") = 0 [pid 5297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5297] setpgid(0, 0) = 0 [pid 5297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5297] write(3, "1000", 4) = 4 [pid 5297] close(3) = 0 [pid 5297] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5297] write(1, "executing program\n", 18) = 18 [pid 5297] memfd_create("syzkaller", 0) = 3 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5297] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5297] munmap(0x7f95ada00000, 138412032) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] close(3) = 0 [pid 5297] close(4) = 0 [pid 5297] mkdir("./file1", 0777) = 0 [ 93.969897][ T5297] loop0: detected capacity change from 0 to 32768 [pid 5297] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5297] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5297] chdir("./file1") = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5297] creat("./bus", 000) = 4 [ 94.018325][ T5297] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5297] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5297] exit_group(0) = ? [pid 5297] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5297, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 94.352918][ T5214] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5300 attached [pid 5300] set_robust_list(0x5555862c5660, 24 [pid 5214] <... clone resumed>, child_tidptr=0x5555862c5650) = 5300 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5300] chdir("./28") = 0 [pid 5300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5300] setpgid(0, 0) = 0 [pid 5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5300] write(3, "1000", 4) = 4 [pid 5300] close(3) = 0 [pid 5300] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5300] write(1, "executing program\n", 18) = 18 [pid 5300] memfd_create("syzkaller", 0) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5300] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5300] munmap(0x7f95ada00000, 138412032) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] close(4) = 0 [pid 5300] mkdir("./file1", 0777) = 0 [ 94.822081][ T5300] loop0: detected capacity change from 0 to 32768 [pid 5300] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5300] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./file1") = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5300] creat("./bus", 000) = 4 [ 94.870167][ T5300] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5300] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5300] exit_group(0) = ? [pid 5300] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 95.179781][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5303 attached , child_tidptr=0x5555862c5650) = 5303 [pid 5303] set_robust_list(0x5555862c5660, 24) = 0 [pid 5303] chdir("./29") = 0 [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5303] setpgid(0, 0) = 0 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5303] write(1, "executing program\n", 18) = 18 [pid 5303] memfd_create("syzkaller", 0) = 3 [pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5303] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5303] munmap(0x7f95ada00000, 138412032) = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5303] close(3) = 0 [pid 5303] close(4) = 0 [pid 5303] mkdir("./file1", 0777) = 0 [ 95.464362][ T5303] loop0: detected capacity change from 0 to 32768 [pid 5303] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5303] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5303] chdir("./file1") = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5303] creat("./bus", 000) = 4 [ 95.511640][ T5303] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5303] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5303] exit_group(0) = ? [pid 5303] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 95.800756][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5306 attached , child_tidptr=0x5555862c5650) = 5306 [pid 5306] set_robust_list(0x5555862c5660, 24) = 0 [pid 5306] chdir("./30") = 0 [pid 5306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5306] setpgid(0, 0) = 0 [pid 5306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5306] write(3, "1000", 4) = 4 [pid 5306] close(3) = 0 [pid 5306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5306] write(1, "executing program\n", 18executing program ) = 18 [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5306] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5306] munmap(0x7f95ada00000, 138412032) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] close(4) = 0 [pid 5306] mkdir("./file1", 0777) = 0 [ 96.096289][ T5306] loop0: detected capacity change from 0 to 32768 [pid 5306] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5306] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./file1") = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5306] creat("./bus", 000) = 4 [ 96.159316][ T5306] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5306] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5306] exit_group(0) = ? [pid 5306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5306, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 96.336596][ T5214] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x5555862c5660, 24 [pid 5214] <... clone resumed>, child_tidptr=0x5555862c5650) = 5309 [pid 5309] <... set_robust_list resumed>) = 0 [pid 5309] chdir("./31") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5309] write(1, "executing program\n", 18) = 18 [pid 5309] memfd_create("syzkaller", 0) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5309] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5309] munmap(0x7f95ada00000, 138412032) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] close(4) = 0 [pid 5309] mkdir("./file1", 0777) = 0 [ 96.763265][ T5309] loop0: detected capacity change from 0 to 32768 [pid 5309] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5309] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file1") = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5309] creat("./bus", 000) = 4 [ 96.809345][ T5309] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5309] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5309] exit_group(0) = ? [pid 5309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5309, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 97.109968][ T5214] ocfs2: Unmounting device (7,0) on (node local) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached [pid 5312] set_robust_list(0x5555862c5660, 24 [pid 5214] <... clone resumed>, child_tidptr=0x5555862c5650) = 5312 [pid 5312] <... set_robust_list resumed>) = 0 [pid 5312] chdir("./32") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5312] write(1, "executing program\n", 18) = 18 [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5312] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5312] munmap(0x7f95ada00000, 138412032) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] close(4) = 0 [pid 5312] mkdir("./file1", 0777) = 0 [ 97.403412][ T5312] loop0: detected capacity change from 0 to 32768 [pid 5312] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5312] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./file1") = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 97.445730][ T5312] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [pid 5312] creat("./bus", 000) = 4 [pid 5312] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x20\x98\x8a\x42\x99\xa7\x70\x54\xcd\xb1\x22\x85\xfd\x7a\x0e\x5b\x43\x38\x2d\x96\x23\x72\xb7\x30\x42\x59\x3a\x5b\xd6\xb7\xdb\x4a\x1b\x37\x21\xc6\x2f\x11\x01\x87\x27\xc2\x9f\x3a\x1b\xd1\xe5\x54\x47\x4e\xa0\xd1\xda\x2a\x20\xb2\x05\xdf\x34\x2a\x04\xa3\x4b\x65\xe1\x6a\x23\xe8\xe7\x81\x1a\x98\x49\x63\x07\x3e\xbc\xbe\xad\x85\xf9\xe4\x33\x2b\xde\xf4\xc1\xce\x54\xa1\xc6"..., 258223742) = 2957312 [pid 5312] exit_group(0) = ? [pid 5312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5312, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555862c66f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 97.805986][ T5214] ocfs2: Unmounting device (7,0) on (node local) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555862ce730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555862ce730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x5555862c66f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5315 attached , child_tidptr=0x5555862c5650) = 5315 [pid 5315] set_robust_list(0x5555862c5660, 24) = 0 [pid 5315] chdir("./33") = 0 [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5315] setpgid(0, 0) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5315] write(3, "1000", 4) = 4 [pid 5315] close(3) = 0 [pid 5315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5315] write(1, "executing program\n", 18executing program ) = 18 [pid 5315] memfd_create("syzkaller", 0) = 3 [pid 5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f95ada00000 [pid 5315] write(3, "\x02\x02\x02\x02\x02\x02\x02\x02\x74\x68\x69\x73\x20\x69\x73\x20\x61\x6e\x20\x6f\x63\x66\x73\x32\x20\x76\x6f\x6c\x75\x6d\x65\x00\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02"..., 16777216) = 16777216 [pid 5315] munmap(0x7f95ada00000, 138412032) = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5315] close(3) = 0 [pid 5315] close(4) = 0 [pid 5315] mkdir("./file1", 0777) = 0 [ 98.216261][ T5315] loop0: detected capacity change from 0 to 32768 [pid 5315] mount("/dev/loop0", "./file1", "ocfs2", MS_MANDLOCK|MS_DIRSYNC|MS_NODIRATIME, "acl,heartbeat=none,errors=remount-ro,coherency=full,coherency=full,localflocks,intr,noacl,") = 0 [pid 5315] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5315] chdir("./file1") = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5315] creat("./bus", 000) = 4